CVE-2014-9323

2014-12-1618:59:14

CWE-476

mitre

web.nvd.nist.gov

cve-2014-9323

firebird

denial of service

null pointer dereference

segmentation fault

crash

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

8.1

Confidence

High

EPSS

0.018

Percentile

88.3%

JSON

The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status.

Affected configurations

Nvd

Node

firebirdsqlfirebirdRange<2.1.7

firebirdsqlfirebirdRange2.5–2.5.3

Node

opensuseevergreenMatch11.4

Node

debiandebian_linuxMatch7.0

debiandebian_linuxMatch8.0

Node

canonicalubuntu_linuxMatch14.04esm

VendorProductVersionCPE
firebirdsqlfirebird*cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*
opensuseevergreen11.4cpe:2.3:o:opensuse:evergreen:11.4:*:*:*:*:*:*:*
debiandebian_linux7.0cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
debiandebian_linux8.0cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
canonicalubuntu_linux14.04cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*

Vendor	Product	Version	CPE
firebirdsql	firebird	*	cpe:2.3:a:firebirdsql:firebird::::::::
opensuse	evergreen	11.4	cpe:2.3:o:opensuse:evergreen:11.4:::::::*
debian	debian_linux	7.0	cpe:2.3:o:debian:debian_linux:7.0:::::::*
debian	debian_linux	8.0	cpe:2.3:o:debian:debian_linux:8.0:::::::*
canonical	ubuntu_linux	14.04	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::