CVE-2008-0387

2008-01-2902:00:00

CWE-189

mitre

web.nvd.nist.gov

cve

2008

0387

integer overflow

firebird sql

remote attackers

arbitrary code execution

memory corruption

nvd

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

AI Score

7.9

Confidence

Low

EPSS

0.928

Percentile

99.0%

JSON

Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption.

Affected configurations

Nvd

Node

firebirdsqlfirebirdRange≤1.0.3

firebirdsqlfirebirdRange1.5–1.5.6

firebirdsqlfirebirdRange2.0.0–2.0.4

firebirdsqlfirebirdMatch2.1.0

VendorProductVersionCPE
firebirdsqlfirebird*cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*
firebirdsqlfirebird2.1.0cpe:2.3:a:firebirdsql:firebird:2.1.0:*:*:*:*:*:*:*