CVSS2
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | COMPLETE |
Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
AI Score
Confidence: Low
EPSS
Percentile: 99.0%
Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption.
Vendor | Product | Version | CPE |
---|---|---|---|
firebirdsql | firebird | * | cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:* |
firebirdsql | firebird | 2.1.0 | cpe:2.3:a:firebirdsql:firebird:2.1.0:*:*:*:*:*:*:* |
secunia.com/advisories/29203
secunia.com/advisories/29501
security.gentoo.org/glsa/glsa-200803-02.xml
securityreason.com/securityalert/3580
sourceforge.net/project/shownotes.php?group_id=9028&release_id=570800
tracker.firebirdsql.org/browse/CORE-1681
www.coresecurity.com/?action=item&id=2095
www.debian.org/security/2008/dsa-1529
www.securityfocus.com/archive/1/487173/100/0/threaded
www.securityfocus.com/bid/27403
exchange.xforce.ibmcloud.com/vulnerabilities/39996