Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
46 vulnerabilities by FirebirdSQL
CVE-2026-40342 (GCVE-0-2026-40342)
Vulnerability from cvelistv5 – Published: 2026-04-17 19:22 – Updated: 2026-04-17 19:22
VLAI?
Title
Firebird: Path Traversal + Arbitrary File Write Leads to Remote Code Execution
Summary
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates a user-supplied engine name into a filesystem path without filtering path separators or .. components. An authenticated user with CREATE FUNCTION privileges can use a crafted ENGINE name to load an arbitrary shared library from anywhere on the filesystem via path traversal. The library's initialization code executes immediately during loading, before Firebird validates the module, achieving code execution as the server's OS account. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
Severity ?
10 (Critical)
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
< 3.0.14
Affected: >= 4.0.0, < 4.0.7 Affected: >= 5.0.0, < 5.0.4 |
{
"containers": {
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003c 3.0.14"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.7"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates a user-supplied engine name into a filesystem path without filtering path separators or .. components. An authenticated user with CREATE FUNCTION privileges can use a crafted ENGINE name to load an arbitrary shared library from anywhere on the filesystem via path traversal. The library\u0027s initialization code executes immediately during loading, before Firebird validates the module, achieving code execution as the server\u0027s OS account. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73: External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T19:22:46.644Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7pxc-h3rv-r257",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7pxc-h3rv-r257"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"
}
],
"source": {
"advisory": "GHSA-7pxc-h3rv-r257",
"discovery": "UNKNOWN"
},
"title": "Firebird: Path Traversal + Arbitrary File Write Leads to Remote Code Execution"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-40342",
"datePublished": "2026-04-17T19:22:46.644Z",
"dateReserved": "2026-04-10T22:50:01.358Z",
"dateUpdated": "2026-04-17T19:22:46.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-35215 (GCVE-0-2026-35215)
Vulnerability from cvelistv5 – Published: 2026-04-17 18:59 – Updated: 2026-04-17 18:59
VLAI?
Title
Firebird: DoS via malicious slice descriptor in slice packet
Summary
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdl_desc() function does not validate the length of a decoded SDL descriptor from a slice packet. A zero-length descriptor is later used to calculate the number of slice items, causing a division by zero. An unauthenticated attacker can exploit this by sending a crafted slice packet to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
Severity ?
7.5 (High)
CWE
- CWE-369 - Divide By Zero
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
>= 3.0.0, < 3.0.14
Affected: >= 4.0.0, < 4.0.7 Affected: >= 5.0.0, < 5.0.4 |
{
"containers": {
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.14"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.7"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdl_desc() function does not validate the length of a decoded SDL descriptor from a slice packet. A zero-length descriptor is later used to calculate the number of slice items, causing a division by zero. An unauthenticated attacker can exploit this by sending a crafted slice packet to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369: Divide By Zero",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T18:59:23.663Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-g99w-prq5-29c6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-g99w-prq5-29c6"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"
}
],
"source": {
"advisory": "GHSA-g99w-prq5-29c6",
"discovery": "UNKNOWN"
},
"title": "Firebird: DoS via malicious slice descriptor in slice packet"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-35215",
"datePublished": "2026-04-17T18:59:23.663Z",
"dateReserved": "2026-04-01T18:48:58.937Z",
"dateUpdated": "2026-04-17T18:59:23.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-34232 (GCVE-0-2026-34232)
Vulnerability from cvelistv5 – Published: 2026-04-17 18:52 – Updated: 2026-04-17 18:52
VLAI?
Title
Firebird: DoS via `op_response` packet from client
Summary
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the xdr_status_vector() function does not handle the isc_arg_cstring type when decoding an op_response packet, causing a server crash when one is encountered in the status vector. An unauthenticated attacker can exploit this by sending a crafted op_response packet to the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
Severity ?
7.5 (High)
CWE
- CWE-228 - Improper Handling of Syntactically Invalid Structure
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
>= 3.0.0, < 3.0.14
Affected: >= 4.0.0, < 4.0.7 Affected: >= 5.0.0, < 5.0.4 |
{
"containers": {
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.14"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.7"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the xdr_status_vector() function does not handle the isc_arg_cstring type when decoding an op_response packet, causing a server crash when one is encountered in the status vector. An unauthenticated attacker can exploit this by sending a crafted op_response packet to the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-228",
"description": "CWE-228: Improper Handling of Syntactically Invalid Structure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T18:52:11.693Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7jq3-6j3c-5cm2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7jq3-6j3c-5cm2"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"
}
],
"source": {
"advisory": "GHSA-7jq3-6j3c-5cm2",
"discovery": "UNKNOWN"
},
"title": "Firebird: DoS via `op_response` packet from client"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-34232",
"datePublished": "2026-04-17T18:52:11.693Z",
"dateReserved": "2026-03-26T16:22:29.034Z",
"dateUpdated": "2026-04-17T18:52:11.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33337 (GCVE-0-2026-33337)
Vulnerability from cvelistv5 – Published: 2026-04-17 18:48 – Updated: 2026-04-17 19:21
VLAI?
Title
Firebird has a buffer overflow when parsing corrupted slice packets
Summary
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdr_datum() function does not validate that a cstring length conforms to the slice descriptor bounds, allowing a cstring longer than the allocated buffer to overflow it. An unauthenticated attacker can exploit this by sending a crafted packet to the server, potentially causing a crash or other security impact. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
Severity ?
7.5 (High)
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
>= 3.0.0, < 3.0.14
Affected: >= 4.0.0, < 4.0.7 Affected: >= 5.0.0, < 5.0.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33337",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-17T19:21:08.979325Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T19:21:17.132Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.14"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.7"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdr_datum() function does not validate that a cstring length conforms to the slice descriptor bounds, allowing a cstring longer than the allocated buffer to overflow it. An unauthenticated attacker can exploit this by sending a crafted packet to the server, potentially causing a crash or other security impact. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T18:48:47.953Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-89mq-229g-x47p",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-89mq-229g-x47p"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"
}
],
"source": {
"advisory": "GHSA-89mq-229g-x47p",
"discovery": "UNKNOWN"
},
"title": "Firebird has a buffer overflow when parsing corrupted slice packets"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33337",
"datePublished": "2026-04-17T18:48:47.953Z",
"dateReserved": "2026-03-18T22:15:11.812Z",
"dateUpdated": "2026-04-17T19:21:17.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28224 (GCVE-0-2026-28224)
Vulnerability from cvelistv5 – Published: 2026-04-17 18:38 – Updated: 2026-04-17 19:31
VLAI?
Title
Firebird Null Pointer Dereference via CryptCallback causes DOS
Summary
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an op_crypt_key_callback packet without prior authentication, the port_server_crypt_callback handler is not initialized, resulting in a null pointer dereference and server crash. An unauthenticated attacker who knows only the server's IP and port can exploit this to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
Severity ?
8.2 (High)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
>= 3.0.0, < 3.0.14
Affected: >= 4.0.0, < 4.0.7 Affected: >= 5.0.0, < 5.0.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28224",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-17T19:31:35.290539Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T19:31:38.952Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-xrcw-wpjx-pr95"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.14"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.7"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an op_crypt_key_callback packet without prior authentication, the port_server_crypt_callback handler is not initialized, resulting in a null pointer dereference and server crash. An unauthenticated attacker who knows only the server\u0027s IP and port can exploit this to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T18:38:58.138Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-xrcw-wpjx-pr95",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-xrcw-wpjx-pr95"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"
}
],
"source": {
"advisory": "GHSA-xrcw-wpjx-pr95",
"discovery": "UNKNOWN"
},
"title": "Firebird Null Pointer Dereference via CryptCallback causes DOS"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28224",
"datePublished": "2026-04-17T18:38:58.138Z",
"dateReserved": "2026-02-25T15:28:40.650Z",
"dateUpdated": "2026-04-17T19:31:38.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28214 (GCVE-0-2026-28214)
Vulnerability from cvelistv5 – Published: 2026-04-17 18:35 – Updated: 2026-04-17 18:35
VLAI?
Title
Firebird server hangs when using specific clumplet on batch creation
Summary
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the ClumpletReader::getClumpletSize() function can overflow the totalLength value when parsing a Wide type clumplet, causing an infinite loop. An authenticated user with INSERT privileges on any table can exploit this via a crafted Batch Parameter Block to cause a denial of service against the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
Severity ?
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
>= 3.0.0, < 3.0.14
Affected: >= 4.0.0, < 4.0.7 Affected: >= 5.0.0, < 5.0.4 |
{
"containers": {
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.14"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.7"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the ClumpletReader::getClumpletSize() function can overflow the totalLength value when parsing a Wide type clumplet, causing an infinite loop. An authenticated user with INSERT privileges on any table can exploit this via a crafted Batch Parameter Block to cause a denial of service against the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T18:35:46.974Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7cq5-994r-jhrf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7cq5-994r-jhrf"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"
}
],
"source": {
"advisory": "GHSA-7cq5-994r-jhrf",
"discovery": "UNKNOWN"
},
"title": "Firebird server hangs when using specific clumplet on batch creation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28214",
"datePublished": "2026-04-17T18:35:46.974Z",
"dateReserved": "2026-02-25T15:28:40.649Z",
"dateUpdated": "2026-04-17T18:35:46.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27890 (GCVE-0-2026-27890)
Vulnerability from cvelistv5 – Published: 2026-04-17 18:14 – Updated: 2026-04-17 18:50
VLAI?
Title
Firebird has Pre-Auth DOS when Processing Out of Order CNCT_specific_data Segments
Summary
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCT_specific_data segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class's grow() method computes a negative size value, causing a SIGSEGV crash. An unauthenticated attacker who knows only the server's IP and port can exploit this to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
Severity ?
8.2 (High)
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
>= 3.0.0, < 3.0.14
Affected: >= 4.0.0, < 4.0.7 Affected: >= 5.0.0, < 5.0.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27890",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-17T18:50:13.916401Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T18:50:22.134Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.14"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.7"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCT_specific_data segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class\u0027s grow() method computes a negative size value, causing a SIGSEGV crash. An unauthenticated attacker who knows only the server\u0027s IP and port can exploit this to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T18:36:11.924Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6crx-4g37-7j49",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6crx-4g37-7j49"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"
}
],
"source": {
"advisory": "GHSA-6crx-4g37-7j49",
"discovery": "UNKNOWN"
},
"title": "Firebird has Pre-Auth DOS when Processing Out of Order CNCT_specific_data Segments"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27890",
"datePublished": "2026-04-17T18:14:29.433Z",
"dateReserved": "2026-02-24T15:19:29.716Z",
"dateUpdated": "2026-04-17T18:50:22.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28212 (GCVE-0-2026-28212)
Vulnerability from cvelistv5 – Published: 2026-04-17 18:05 – Updated: 2026-04-17 18:10
VLAI?
Title
Firebird has potential server crash via null pointer dereference when processing op_slice packet
Summary
Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an op_slice network packet, the server passes an unprepared structure containing a null pointer to the SDL_info() function, resulting in a null pointer dereference and server crash. An unauthenticated attacker can trigger this by sending a crafted packet to the server port. This issue has been fixed in versions 6.0.0, 5.0.4, 4.0.7 and 3.0.14.
Severity ?
7.5 (High)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
< 3.0.14
Affected: >= 4.0.0, < 4.0.7 Affected: >= 5.0.0, < 5.0.4 |
{
"containers": {
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003c 3.0.14"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.7"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an op_slice network packet, the server passes an unprepared structure containing a null pointer to the SDL_info() function, resulting in a null pointer dereference and server crash. An unauthenticated attacker can trigger this by sending a crafted packet to the server port. This issue has been fixed in versions 6.0.0, 5.0.4, 4.0.7 and 3.0.14."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T18:10:29.394Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-9884-9qm3-hqch",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-9884-9qm3-hqch"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"
}
],
"source": {
"advisory": "GHSA-9884-9qm3-hqch",
"discovery": "UNKNOWN"
},
"title": "Firebird has potential server crash via null pointer dereference when processing op_slice packet"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28212",
"datePublished": "2026-04-17T18:05:25.854Z",
"dateReserved": "2026-02-25T15:28:40.649Z",
"dateUpdated": "2026-04-17T18:10:29.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-65104 (GCVE-0-2025-65104)
Vulnerability from cvelistv5 – Published: 2026-04-17 17:47 – Updated: 2026-04-17 18:25
VLAI?
Title
Firebird: Information leak vulnerability in firebird3 client when used with newer server
Summary
Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by upgrading to the FB4 client or higher.
Severity ?
7.9 (High)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
< 4.0.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-65104",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-17T18:25:02.873225Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T18:25:11.941Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003c 4.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by upgrading to the FB4 client or higher."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T17:47:42.109Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-mfpr-9886-xjhg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-mfpr-9886-xjhg"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.0"
}
],
"source": {
"advisory": "GHSA-mfpr-9886-xjhg",
"discovery": "UNKNOWN"
},
"title": "Firebird: Information leak vulnerability in firebird3 client when used with newer server"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-65104",
"datePublished": "2026-04-17T17:47:42.109Z",
"dateReserved": "2025-11-17T20:55:34.693Z",
"dateUpdated": "2026-04-17T18:25:11.941Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-24975 (GCVE-0-2025-24975)
Vulnerability from cvelistv5 – Published: 2025-08-15 15:11 – Updated: 2025-08-20 19:50
VLAI?
Title
Firebird Non-Authorized Access to Encrypted Database Using Execute Statement on External
Summary
Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. If connections stored in ExtConnPool are not verified for presence and suitability of the CryptCallback interface is used when created versus what is available could result in a segfault in the server process. Encrypted databases, accessed by execute statement on external, may be accessed later by an attachment missing a key to that database. In a case when execute statement are chained, segfault may happen. Additionally, the segfault may affect unencrypted databases. This issue has been patched in snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609 and point releases 4.0.6 and 5.0.2. A workaround for this issue involves setting ExtConnPoolSize equal to 0 in firebird.conf.
Severity ?
7.1 (High)
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
< 6.0.0.609
Affected: < 5.0.2.1610 Affected: < 4.0.6.3183 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24975",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-15T19:09:49.364643Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T19:09:59.992Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-08-20T19:50:53.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-24975-detect-vulnerable-firebird"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-24975-mitigate-firebird-vulnerability"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003c 6.0.0.609"
},
{
"status": "affected",
"version": "\u003c 5.0.2.1610"
},
{
"status": "affected",
"version": "\u003c 4.0.6.3183"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. If connections stored in ExtConnPool are not verified for presence and suitability of the CryptCallback interface is used when created versus what is available could result in a segfault in the server process. Encrypted databases, accessed by execute statement on external, may be accessed later by an attachment missing a key to that database. In a case when execute statement are chained, segfault may happen. Additionally, the segfault may affect unencrypted databases. This issue has been patched in snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609 and point releases 4.0.6 and 5.0.2. A workaround for this issue involves setting ExtConnPoolSize equal to 0 in firebird.conf."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T15:11:29.986Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-fx9r-rj68-7p69",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-fx9r-rj68-7p69"
},
{
"name": "https://github.com/FirebirdSQL/firebird/issues/8429",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/issues/8429"
},
{
"name": "https://github.com/FirebirdSQL/firebird/commit/658abd20449f72097fbbce57e8e6ae42ff837fb6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/commit/658abd20449f72097fbbce57e8e6ae42ff837fb6"
}
],
"source": {
"advisory": "GHSA-fx9r-rj68-7p69",
"discovery": "UNKNOWN"
},
"title": "Firebird Non-Authorized Access to Encrypted Database Using Execute Statement on External"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-24975",
"datePublished": "2025-08-15T15:11:29.986Z",
"dateReserved": "2025-01-29T15:18:03.211Z",
"dateUpdated": "2025-08-20T19:50:53.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54989 (GCVE-0-2025-54989)
Vulnerability from cvelistv5 – Published: 2025-08-15 15:04 – Updated: 2025-11-03 18:13
VLAI?
Title
Firebird XDR Message Parsing NULL Pointer Dereference Denial-of-Service Vulnerability
Summary
Firebird is a relational database. Prior to versions 3.0.13, 4.0.6, and 5.0.3, there is an XDR message parsing NULL pointer dereference denial-of-service vulnerability in Firebird. This specific flaw exists within the parsing of xdr message from client. It leads to NULL pointer dereference and DoS. This issue has been patched in versions 3.0.13, 4.0.6, and 5.0.3.
Severity ?
5.3 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
< 3.0.13
Affected: < 4.0.6 Affected: < 5.0.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54989",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-15T19:08:23.768876Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T19:08:38.587Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:13:39.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003c 3.0.13"
},
{
"status": "affected",
"version": "\u003c 4.0.6"
},
{
"status": "affected",
"version": "\u003c 5.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is a relational database. Prior to versions 3.0.13, 4.0.6, and 5.0.3, there is an XDR message parsing NULL pointer dereference denial-of-service vulnerability in Firebird. This specific flaw exists within the parsing of xdr message from client. It leads to NULL pointer dereference and DoS. This issue has been patched in versions 3.0.13, 4.0.6, and 5.0.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T15:04:19.097Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7qp6-hqxj-pjjp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7qp6-hqxj-pjjp"
},
{
"name": "https://github.com/FirebirdSQL/firebird/issues/8554",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/issues/8554"
},
{
"name": "https://github.com/FirebirdSQL/firebird/commit/169da595f8693fc1a65a79c741724b1bc8db9f25",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/commit/169da595f8693fc1a65a79c741724b1bc8db9f25"
}
],
"source": {
"advisory": "GHSA-7qp6-hqxj-pjjp",
"discovery": "UNKNOWN"
},
"title": "Firebird XDR Message Parsing NULL Pointer Dereference Denial-of-Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-54989",
"datePublished": "2025-08-15T15:04:19.097Z",
"dateReserved": "2025-08-04T17:34:24.419Z",
"dateUpdated": "2025-11-03T18:13:39.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-41038 (GCVE-0-2023-41038)
Vulnerability from cvelistv5 – Published: 2024-03-20 14:22 – Updated: 2024-08-13 16:44
VLAI?
Title
Server crash when using specific form of SET BIND statement
Summary
Firebird is a relational database. Versions 4.0.0 through 4.0.3 and version 5.0 beta1 are vulnerable to a server crash when a user uses a specific form of SET BIND statement. Any non-privileged user with minimum access to a server may type a statement with a long `CHAR` length, which causes the server to crash due to stack corruption. Versions 4.0.4.2981 and 5.0.0.117 contain fixes for this issue. No known workarounds are available.
Severity ?
7.5 (High)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
>= 4.0.0, < 4.0.4.2981
Affected: >= 5.0 beta1, < 5.0.0.1176 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:46:11.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6fv8-8rwr-9692",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6fv8-8rwr-9692"
},
{
"name": "https://firebirdsql.org/en/snapshot-builds",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://firebirdsql.org/en/snapshot-builds"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "firebird",
"vendor": "firebirdsql",
"versions": [
{
"lessThan": "4.0.4.2981",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
},
{
"lessThan": "5.0.0.1176",
"status": "affected",
"version": "5.0_beta1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41038",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-20T19:37:40.792401Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T16:44:27.739Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.4.2981"
},
{
"status": "affected",
"version": "\u003e= 5.0 beta1, \u003c 5.0.0.1176"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is a relational database. Versions 4.0.0 through 4.0.3 and version 5.0 beta1 are vulnerable to a server crash when a user uses a specific form of SET BIND statement. Any non-privileged user with minimum access to a server may type a statement with a long `CHAR` length, which causes the server to crash due to stack corruption. Versions 4.0.4.2981 and 5.0.0.117 contain fixes for this issue. No known workarounds are available."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-20T14:22:50.484Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6fv8-8rwr-9692",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6fv8-8rwr-9692"
},
{
"name": "https://firebirdsql.org/en/snapshot-builds",
"tags": [
"x_refsource_MISC"
],
"url": "https://firebirdsql.org/en/snapshot-builds"
}
],
"source": {
"advisory": "GHSA-6fv8-8rwr-9692",
"discovery": "UNKNOWN"
},
"title": "Server crash when using specific form of SET BIND statement"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-41038",
"datePublished": "2024-03-20T14:22:50.484Z",
"dateReserved": "2023-08-22T16:57:23.932Z",
"dateUpdated": "2024-08-13T16:44:27.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-11509 (GCVE-0-2017-11509)
Vulnerability from cvelistv5 – Published: 2018-03-28 17:00 – Updated: 2024-09-16 22:24
VLAI?
Summary
An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement.
Severity ?
No CVSS data available.
CWE
- Authenticated Remote Code Execution
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Firebird Foundation | Firebird SQL Server |
Affected:
2.5.7
Affected: 3.0.2 |
Date Public ?
2017-11-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:12:40.152Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20180511 [SECURITY] [DLA 1374-1] firebird2.5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00005.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2017-36"
},
{
"name": "[debian-lts-announce] 20200229 [SECURITY] [DLA 2129-1] firebird2.5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00036.html"
},
{
"name": "[debian-lts-announce] 20211120 [SECURITY] [DLA 2824-1] firebird3.0 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00018.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firebird SQL Server",
"vendor": "Firebird Foundation",
"versions": [
{
"status": "affected",
"version": "2.5.7"
},
{
"status": "affected",
"version": "3.0.2"
}
]
}
],
"datePublic": "2017-11-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authenticated Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-20T13:06:10.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"name": "[debian-lts-announce] 20180511 [SECURITY] [DLA 1374-1] firebird2.5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00005.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2017-36"
},
{
"name": "[debian-lts-announce] 20200229 [SECURITY] [DLA 2129-1] firebird2.5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00036.html"
},
{
"name": "[debian-lts-announce] 20211120 [SECURITY] [DLA 2824-1] firebird3.0 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00018.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC": "2017-11-21T00:00:00",
"ID": "CVE-2017-11509",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firebird SQL Server",
"version": {
"version_data": [
{
"version_value": "2.5.7"
},
{
"version_value": "3.0.2"
}
]
}
}
]
},
"vendor_name": "Firebird Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authenticated Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180511 [SECURITY] [DLA 1374-1] firebird2.5 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00005.html"
},
{
"name": "https://www.tenable.com/security/research/tra-2017-36",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2017-36"
},
{
"name": "[debian-lts-announce] 20200229 [SECURITY] [DLA 2129-1] firebird2.5 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00036.html"
},
{
"name": "[debian-lts-announce] 20211120 [SECURITY] [DLA 2824-1] firebird3.0 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00018.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2017-11509",
"datePublished": "2018-03-28T17:00:00.000Z",
"dateReserved": "2017-07-21T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:24:43.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6369 (GCVE-0-2017-6369)
Vulnerability from cvelistv5 – Published: 2017-03-24 10:00 – Updated: 2024-08-05 15:25
VLAI?
Summary
Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a 'system' entrypoint from fbudf.so.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2017-03-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:49.245Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3824",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3824"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tracker.firebirdsql.org/browse/CORE-5474"
},
{
"name": "97070",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97070"
},
{
"name": "USN-3929-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3929-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a \u0027system\u0027 entrypoint from fbudf.so."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-02T16:06:13.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-3824",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3824"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tracker.firebirdsql.org/browse/CORE-5474"
},
{
"name": "97070",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97070"
},
{
"name": "USN-3929-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3929-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6369",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a \u0027system\u0027 entrypoint from fbudf.so."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3824",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3824"
},
{
"name": "http://tracker.firebirdsql.org/browse/CORE-5474",
"refsource": "CONFIRM",
"url": "http://tracker.firebirdsql.org/browse/CORE-5474"
},
{
"name": "97070",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97070"
},
{
"name": "USN-3929-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3929-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6369",
"datePublished": "2017-03-24T10:00:00.000Z",
"dateReserved": "2017-02-28T00:00:00.000Z",
"dateUpdated": "2024-08-05T15:25:49.245Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1569 (GCVE-0-2016-1569)
Vulnerability from cvelistv5 – Published: 2016-01-13 15:00 – Updated: 2024-08-05 23:02
VLAI?
Summary
FireBird 2.5.5 allows remote authenticated users to cause a denial of service (daemon crash) by using service manager to invoke the gbak utility with an invalid parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Date Public ?
2016-01-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:02:11.750Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160110 CVE Request: FireBird RDBMS: authenticated clients crash FireBird when running gbak with invalid parameter",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/10/2"
},
{
"name": "[oss-security] 20160110 Re: CVE Request: FireBird RDBMS: authenticated clients crash FireBird when running gbak with invalid parameter",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/10/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tracker.firebirdsql.org/browse/CORE-5068"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/p/firebird/code/62783/"
},
{
"name": "FEDORA-2016-bec6b9c395",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177119.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "FireBird 2.5.5 allows remote authenticated users to cause a denial of service (daemon crash) by using service manager to invoke the gbak utility with an invalid parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-02T20:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "[oss-security] 20160110 CVE Request: FireBird RDBMS: authenticated clients crash FireBird when running gbak with invalid parameter",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/10/2"
},
{
"name": "[oss-security] 20160110 Re: CVE Request: FireBird RDBMS: authenticated clients crash FireBird when running gbak with invalid parameter",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/10/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tracker.firebirdsql.org/browse/CORE-5068"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/p/firebird/code/62783/"
},
{
"name": "FEDORA-2016-bec6b9c395",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177119.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2016-1569",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FireBird 2.5.5 allows remote authenticated users to cause a denial of service (daemon crash) by using service manager to invoke the gbak utility with an invalid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160110 CVE Request: FireBird RDBMS: authenticated clients crash FireBird when running gbak with invalid parameter",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/10/2"
},
{
"name": "[oss-security] 20160110 Re: CVE Request: FireBird RDBMS: authenticated clients crash FireBird when running gbak with invalid parameter",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/10/3"
},
{
"name": "http://tracker.firebirdsql.org/browse/CORE-5068",
"refsource": "CONFIRM",
"url": "http://tracker.firebirdsql.org/browse/CORE-5068"
},
{
"name": "http://sourceforge.net/p/firebird/code/62783/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/firebird/code/62783/"
},
{
"name": "FEDORA-2016-bec6b9c395",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177119.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2016-1569",
"datePublished": "2016-01-13T15:00:00.000Z",
"dateReserved": "2016-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:02:11.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9323 (GCVE-0-2014-9323)
Vulnerability from cvelistv5 – Published: 2014-12-16 18:00 – Updated: 2024-08-06 13:40
VLAI?
Summary
The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Date Public ?
2014-12-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:24.981Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3109",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3109"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.firebirdsql.org/en/news/security-updates-for-v2-1-and-v2-5-series-66011/"
},
{
"name": "MDVSA-2015:172",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:172"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tracker.firebirdsql.org/browse/CORE-4630"
},
{
"name": "openSUSE-SU-2014:1621",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00012.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2014-0523.html"
},
{
"name": "USN-3929-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3929-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-02T16:06:13.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-3109",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3109"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.firebirdsql.org/en/news/security-updates-for-v2-1-and-v2-5-series-66011/"
},
{
"name": "MDVSA-2015:172",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:172"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tracker.firebirdsql.org/browse/CORE-4630"
},
{
"name": "openSUSE-SU-2014:1621",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00012.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2014-0523.html"
},
{
"name": "USN-3929-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3929-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9323",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3109",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3109"
},
{
"name": "http://www.firebirdsql.org/en/news/security-updates-for-v2-1-and-v2-5-series-66011/",
"refsource": "CONFIRM",
"url": "http://www.firebirdsql.org/en/news/security-updates-for-v2-1-and-v2-5-series-66011/"
},
{
"name": "MDVSA-2015:172",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:172"
},
{
"name": "http://tracker.firebirdsql.org/browse/CORE-4630",
"refsource": "CONFIRM",
"url": "http://tracker.firebirdsql.org/browse/CORE-4630"
},
{
"name": "openSUSE-SU-2014:1621",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00012.html"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0523.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0523.html"
},
{
"name": "USN-3929-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3929-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9323",
"datePublished": "2014-12-16T18:00:00.000Z",
"dateReserved": "2014-12-07T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:40:24.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2492 (GCVE-0-2013-2492)
Vulnerability from cvelistv5 – Published: 2013-03-15 14:00 – Updated: 2024-08-06 15:36
VLAI?
Summary
Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 18514, and 2.5.1 through 2.5.3 before 26623, on Windows allows remote attackers to execute arbitrary code via a crafted packet to TCP port 3050, related to a missing size check during extraction of a group number from CNCT information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Date Public ?
2013-03-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:36:46.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201512-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201512-11"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/zeroSteiner/85daef257831d904479c"
},
{
"name": "openSUSE-SU-2013:0496",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00036.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/fb_cnct_group.rb"
},
{
"name": "58393",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/58393"
},
{
"name": "DSA-2648",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2648"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tracker.firebirdsql.org/browse/CORE-4058"
},
{
"name": "openSUSE-SU-2013:0504",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00039.html"
},
{
"name": "DSA-2647",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2647"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-03-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 18514, and 2.5.1 through 2.5.3 before 26623, on Windows allows remote attackers to execute arbitrary code via a crafted packet to TCP port 3050, related to a missing size check during extraction of a group number from CNCT information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201512-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201512-11"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/zeroSteiner/85daef257831d904479c"
},
{
"name": "openSUSE-SU-2013:0496",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00036.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/fb_cnct_group.rb"
},
{
"name": "58393",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/58393"
},
{
"name": "DSA-2648",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2648"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tracker.firebirdsql.org/browse/CORE-4058"
},
{
"name": "openSUSE-SU-2013:0504",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00039.html"
},
{
"name": "DSA-2647",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2647"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2492",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 18514, and 2.5.1 through 2.5.3 before 26623, on Windows allows remote attackers to execute arbitrary code via a crafted packet to TCP port 3050, related to a missing size check during extraction of a group number from CNCT information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201512-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201512-11"
},
{
"name": "https://gist.github.com/zeroSteiner/85daef257831d904479c",
"refsource": "MISC",
"url": "https://gist.github.com/zeroSteiner/85daef257831d904479c"
},
{
"name": "openSUSE-SU-2013:0496",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00036.html"
},
{
"name": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/fb_cnct_group.rb",
"refsource": "MISC",
"url": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/fb_cnct_group.rb"
},
{
"name": "58393",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/58393"
},
{
"name": "DSA-2648",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2648"
},
{
"name": "http://tracker.firebirdsql.org/browse/CORE-4058",
"refsource": "CONFIRM",
"url": "http://tracker.firebirdsql.org/browse/CORE-4058"
},
{
"name": "openSUSE-SU-2013:0504",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00039.html"
},
{
"name": "DSA-2647",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2647"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2492",
"datePublished": "2013-03-15T14:00:00.000Z",
"dateReserved": "2013-03-06T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:36:46.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5529 (GCVE-0-2012-5529)
Vulnerability from cvelistv5 – Published: 2012-11-20 00:00 – Updated: 2024-08-06 21:05
VLAI?
Summary
TraceManager in Firebird 2.5.0 and 2.5.1, when trace is enabled, allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by preparing an empty dynamic SQL query.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Date Public ?
2012-07-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:05:47.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1027769",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027769"
},
{
"name": "firebird-tracedsqlprepareprepare-dos(80073)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80073"
},
{
"name": "56521",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56521"
},
{
"name": "[oss-security] 20121114 CVE Request -- firebird: DoS (NULL pointer dereference) while preparing an empty query with trace enabled",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/14/6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tracker.firebirdsql.org/browse/CORE-3884"
},
{
"name": "DSA-2648",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2648"
},
{
"name": "[oss-security] 20121114 Re: CVE Request -- firebird: DoS (NULL pointer dereference) while preparing an empty query with trace enabled",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/14/8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-07-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "TraceManager in Firebird 2.5.0 and 2.5.1, when trace is enabled, allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by preparing an empty dynamic SQL query."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "1027769",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027769"
},
{
"name": "firebird-tracedsqlprepareprepare-dos(80073)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80073"
},
{
"name": "56521",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56521"
},
{
"name": "[oss-security] 20121114 CVE Request -- firebird: DoS (NULL pointer dereference) while preparing an empty query with trace enabled",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/14/6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tracker.firebirdsql.org/browse/CORE-3884"
},
{
"name": "DSA-2648",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2648"
},
{
"name": "[oss-security] 20121114 Re: CVE Request -- firebird: DoS (NULL pointer dereference) while preparing an empty query with trace enabled",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/14/8"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-5529",
"datePublished": "2012-11-20T00:00:00.000Z",
"dateReserved": "2012-10-24T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:05:47.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2620 (GCVE-0-2009-2620)
Vulnerability from cvelistv5 – Published: 2009-07-29 17:00 – Updated: 2024-08-07 05:59
VLAI?
Summary
src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before 1.5.6, 2.0 before 2.0.6, 2.1 before 2.1.3, and 2.5 before 2.5 Beta 2 allows remote attackers to cause a denial of service (daemon crash) via a malformed op_connect_request message that triggers an infinite loop or NULL pointer dereference.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Date Public ?
2009-07-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:59:55.735Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35842",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35842"
},
{
"name": "FEDORA-2009-8317",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01341.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/content/firebird-sql-dos"
},
{
"name": "9295",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/9295"
},
{
"name": "FEDORA-2009-8340",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01370.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=514463"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tracker.firebirdsql.org/browse/CORE-2563"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before 1.5.6, 2.0 before 2.0.6, 2.1 before 2.1.3, and 2.5 before 2.5 Beta 2 allows remote attackers to cause a denial of service (daemon crash) via a malformed op_connect_request message that triggers an infinite loop or NULL pointer dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35842",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35842"
},
{
"name": "FEDORA-2009-8317",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01341.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/content/firebird-sql-dos"
},
{
"name": "9295",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/9295"
},
{
"name": "FEDORA-2009-8340",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01370.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=514463"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tracker.firebirdsql.org/browse/CORE-2563"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2620",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before 1.5.6, 2.0 before 2.0.6, 2.1 before 2.1.3, and 2.5 before 2.5 Beta 2 allows remote attackers to cause a denial of service (daemon crash) via a malformed op_connect_request message that triggers an infinite loop or NULL pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35842",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35842"
},
{
"name": "FEDORA-2009-8317",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01341.html"
},
{
"name": "http://www.coresecurity.com/content/firebird-sql-dos",
"refsource": "MISC",
"url": "http://www.coresecurity.com/content/firebird-sql-dos"
},
{
"name": "9295",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9295"
},
{
"name": "FEDORA-2009-8340",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01370.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=514463",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=514463"
},
{
"name": "http://tracker.firebirdsql.org/browse/CORE-2563",
"refsource": "CONFIRM",
"url": "http://tracker.firebirdsql.org/browse/CORE-2563"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2620",
"datePublished": "2009-07-29T17:00:00.000Z",
"dateReserved": "2009-07-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:59:55.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0467 (GCVE-0-2008-0467)
Vulnerability from cvelistv5 – Published: 2008-01-29 01:00 – Updated: 2024-08-07 07:46
VLAI?
Summary
Stack-based buffer overflow in Firebird before 2.0.4, and 2.1.x before 2.1.0 RC1, might allow remote attackers to execute arbitrary code via a long username.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
Date Public ?
2008-01-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:46:55.008Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200803-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200803-02.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=570816\u0026group_id=9028"
},
{
"name": "29203",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29203"
},
{
"name": "28596",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28596"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tracker.firebirdsql.org/browse/CORE-1603"
},
{
"name": "firebird-username-bo(39981)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39981"
},
{
"name": "1019277",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019277"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=9028\u0026release_id=570800"
},
{
"name": "ADV-2008-0300",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0300"
},
{
"name": "27467",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27467"
},
{
"name": "29501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29501"
},
{
"name": "DSA-1529",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1529"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Firebird before 2.0.4, and 2.1.x before 2.1.0 RC1, might allow remote attackers to execute arbitrary code via a long username."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200803-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200803-02.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=570816\u0026group_id=9028"
},
{
"name": "29203",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29203"
},
{
"name": "28596",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28596"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tracker.firebirdsql.org/browse/CORE-1603"
},
{
"name": "firebird-username-bo(39981)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39981"
},
{
"name": "1019277",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019277"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=9028\u0026release_id=570800"
},
{
"name": "ADV-2008-0300",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0300"
},
{
"name": "27467",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27467"
},
{
"name": "29501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29501"
},
{
"name": "DSA-1529",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1529"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0467",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Firebird before 2.0.4, and 2.1.x before 2.1.0 RC1, might allow remote attackers to execute arbitrary code via a long username."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200803-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200803-02.xml"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=570816\u0026group_id=9028",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=570816\u0026group_id=9028"
},
{
"name": "29203",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29203"
},
{
"name": "28596",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28596"
},
{
"name": "http://tracker.firebirdsql.org/browse/CORE-1603",
"refsource": "CONFIRM",
"url": "http://tracker.firebirdsql.org/browse/CORE-1603"
},
{
"name": "firebird-username-bo(39981)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39981"
},
{
"name": "1019277",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019277"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=9028\u0026release_id=570800",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=9028\u0026release_id=570800"
},
{
"name": "ADV-2008-0300",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0300"
},
{
"name": "27467",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27467"
},
{
"name": "29501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29501"
},
{
"name": "DSA-1529",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1529"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0467",
"datePublished": "2008-01-29T01:00:00.000Z",
"dateReserved": "2008-01-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:46:55.008Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0387 (GCVE-0-2008-0387)
Vulnerability from cvelistv5 – Published: 2008-01-29 01:00 – Updated: 2024-08-07 07:46
VLAI?
Summary
Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
Date Public ?
2008-01-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:46:55.114Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200803-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200803-02.xml"
},
{
"name": "29203",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29203"
},
{
"name": "firebird-xdrprotocol-integer-overflow(39996)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39996"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/?action=item\u0026id=2095"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=9028\u0026release_id=570800"
},
{
"name": "20080128 CORE-2007-1219: Firebird Remote Memory Corruption",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/487173/100/0/threaded"
},
{
"name": "29501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29501"
},
{
"name": "3580",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3580"
},
{
"name": "27403",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27403"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tracker.firebirdsql.org/browse/CORE-1681"
},
{
"name": "DSA-1529",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1529"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200803-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200803-02.xml"
},
{
"name": "29203",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29203"
},
{
"name": "firebird-xdrprotocol-integer-overflow(39996)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39996"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/?action=item\u0026id=2095"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=9028\u0026release_id=570800"
},
{
"name": "20080128 CORE-2007-1219: Firebird Remote Memory Corruption",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/487173/100/0/threaded"
},
{
"name": "29501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29501"
},
{
"name": "3580",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3580"
},
{
"name": "27403",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27403"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tracker.firebirdsql.org/browse/CORE-1681"
},
{
"name": "DSA-1529",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1529"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0387",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200803-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200803-02.xml"
},
{
"name": "29203",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29203"
},
{
"name": "firebird-xdrprotocol-integer-overflow(39996)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39996"
},
{
"name": "http://www.coresecurity.com/?action=item\u0026id=2095",
"refsource": "MISC",
"url": "http://www.coresecurity.com/?action=item\u0026id=2095"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=9028\u0026release_id=570800",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=9028\u0026release_id=570800"
},
{
"name": "20080128 CORE-2007-1219: Firebird Remote Memory Corruption",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487173/100/0/threaded"
},
{
"name": "29501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29501"
},
{
"name": "3580",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3580"
},
{
"name": "27403",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27403"
},
{
"name": "http://tracker.firebirdsql.org/browse/CORE-1681",
"refsource": "CONFIRM",
"url": "http://tracker.firebirdsql.org/browse/CORE-1681"
},
{
"name": "DSA-1529",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1529"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0387",
"datePublished": "2008-01-29T01:00:00.000Z",
"dateReserved": "2008-01-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:46:55.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4992 (GCVE-0-2007-4992)
Vulnerability from cvelistv5 – Published: 2007-10-11 00:00 – Updated: 2024-08-07 15:17
VLAI?
Summary
Stack-based buffer overflow in the process_packet function in fbserver.exe in Firebird SQL 2.0.2 allows remote attackers to execute arbitrary code via a long request to TCP port 3050.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Date Public ?
2007-10-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:17:27.781Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "firebirdsql-processpacket-bo(37079)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37079"
},
{
"name": "1018802",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018802"
},
{
"name": "26011",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26011"
},
{
"name": "GLSA-200712-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200712-06.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=195569"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-057.html"
},
{
"name": "27982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27982"
},
{
"name": "20071010 ZDI-07-057: Firebird process_packet() Remote Stack Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/482025/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.3-ReleaseNotes.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the process_packet function in fbserver.exe in Firebird SQL 2.0.2 allows remote attackers to execute arbitrary code via a long request to TCP port 3050."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "firebirdsql-processpacket-bo(37079)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37079"
},
{
"name": "1018802",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018802"
},
{
"name": "26011",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26011"
},
{
"name": "GLSA-200712-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200712-06.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=195569"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-057.html"
},
{
"name": "27982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27982"
},
{
"name": "20071010 ZDI-07-057: Firebird process_packet() Remote Stack Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/482025/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.3-ReleaseNotes.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4992",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the process_packet function in fbserver.exe in Firebird SQL 2.0.2 allows remote attackers to execute arbitrary code via a long request to TCP port 3050."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "firebirdsql-processpacket-bo(37079)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37079"
},
{
"name": "1018802",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018802"
},
{
"name": "26011",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26011"
},
{
"name": "GLSA-200712-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200712-06.xml"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=195569",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=195569"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-07-057.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-057.html"
},
{
"name": "27982",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27982"
},
{
"name": "20071010 ZDI-07-057: Firebird process_packet() Remote Stack Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/482025/100/0/threaded"
},
{
"name": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.3-ReleaseNotes.pdf",
"refsource": "CONFIRM",
"url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.3-ReleaseNotes.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4992",
"datePublished": "2007-10-11T00:00:00.000Z",
"dateReserved": "2007-09-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:17:27.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5245 (GCVE-0-2007-5245)
Vulnerability from cvelistv5 – Published: 2007-10-06 17:00 – Updated: 2024-08-07 15:24
VLAI?
Summary
Multiple stack-based buffer overflows in Firebird LI 1.5.3.4870 and 1.5.4.4910, and WI 1.5.3.4870 and 1.5.4.4910, allow remote attackers to execute arbitrary code via (1) a long service attach request on TCP port 3050 to the SVC_attach function or (2) unspecified vectors involving the INET_connect function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
Date Public ?
2007-10-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:24:42.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://risesecurity.org/advisory/RISE-2007003/"
},
{
"name": "25917",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25917"
},
{
"name": "28635",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28635"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://risesecurity.org/blog/entry/3/"
},
{
"name": "20071004 [RISE-2007003] Firebird Relational Database Multiple Buffer Overflow Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/481491/100/0/threaded"
},
{
"name": "1018773",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018773"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://risesecurity.org/exploit/18/"
},
{
"name": "firebird-attach-connect-bo(36957)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36957"
},
{
"name": "ADV-2007-3380",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3380"
},
{
"name": "25925",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25925"
},
{
"name": "27066",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27066"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.risesecurity.org/advisory/RISE-2007003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in Firebird LI 1.5.3.4870 and 1.5.4.4910, and WI 1.5.3.4870 and 1.5.4.4910, allow remote attackers to execute arbitrary code via (1) a long service attach request on TCP port 3050 to the SVC_attach function or (2) unspecified vectors involving the INET_connect function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://risesecurity.org/advisory/RISE-2007003/"
},
{
"name": "25917",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25917"
},
{
"name": "28635",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28635"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://risesecurity.org/blog/entry/3/"
},
{
"name": "20071004 [RISE-2007003] Firebird Relational Database Multiple Buffer Overflow Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/481491/100/0/threaded"
},
{
"name": "1018773",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018773"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://risesecurity.org/exploit/18/"
},
{
"name": "firebird-attach-connect-bo(36957)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36957"
},
{
"name": "ADV-2007-3380",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3380"
},
{
"name": "25925",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25925"
},
{
"name": "27066",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27066"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.risesecurity.org/advisory/RISE-2007003/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5245",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in Firebird LI 1.5.3.4870 and 1.5.4.4910, and WI 1.5.3.4870 and 1.5.4.4910, allow remote attackers to execute arbitrary code via (1) a long service attach request on TCP port 3050 to the SVC_attach function or (2) unspecified vectors involving the INET_connect function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://risesecurity.org/advisory/RISE-2007003/",
"refsource": "MISC",
"url": "http://risesecurity.org/advisory/RISE-2007003/"
},
{
"name": "25917",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25917"
},
{
"name": "28635",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28635"
},
{
"name": "http://risesecurity.org/blog/entry/3/",
"refsource": "MISC",
"url": "http://risesecurity.org/blog/entry/3/"
},
{
"name": "20071004 [RISE-2007003] Firebird Relational Database Multiple Buffer Overflow Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/481491/100/0/threaded"
},
{
"name": "1018773",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018773"
},
{
"name": "http://risesecurity.org/exploit/18/",
"refsource": "MISC",
"url": "http://risesecurity.org/exploit/18/"
},
{
"name": "firebird-attach-connect-bo(36957)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36957"
},
{
"name": "ADV-2007-3380",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3380"
},
{
"name": "25925",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25925"
},
{
"name": "27066",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27066"
},
{
"name": "http://www.risesecurity.org/advisory/RISE-2007003/",
"refsource": "MISC",
"url": "http://www.risesecurity.org/advisory/RISE-2007003/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5245",
"datePublished": "2007-10-06T17:00:00.000Z",
"dateReserved": "2007-10-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:24:42.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5246 (GCVE-0-2007-5246)
Vulnerability from cvelistv5 – Published: 2007-10-06 17:00 – Updated: 2024-08-07 15:24
VLAI?
Summary
Multiple stack-based buffer overflows in Firebird LI 2.0.0.12748 and 2.0.1.12855, and WI 2.0.0.12748 and 2.0.1.12855, allow remote attackers to execute arbitrary code via (1) a long attach request on TCP port 3050 to the isc_attach_database function or (2) a long create request on TCP port 3050 to the isc_create_database function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
Date Public ?
2007-10-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:24:42.191Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://risesecurity.org/advisory/RISE-2007003/"
},
{
"name": "25917",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25917"
},
{
"name": "27057",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27057"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://risesecurity.org/blog/entry/3/"
},
{
"name": "20071004 [RISE-2007003] Firebird Relational Database Multiple Buffer Overflow Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/481491/100/0/threaded"
},
{
"name": "1018773",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018773"
},
{
"name": "ADV-2007-3379",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3379"
},
{
"name": "firebird-attach-create-bo(36958)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36958"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://risesecurity.org/exploit/16/"
},
{
"name": "GLSA-200712-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200712-06.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=195569"
},
{
"name": "25925",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25925"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://risesecurity.org/exploit/17/"
},
{
"name": "27982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27982"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.risesecurity.org/advisory/RISE-2007003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in Firebird LI 2.0.0.12748 and 2.0.1.12855, and WI 2.0.0.12748 and 2.0.1.12855, allow remote attackers to execute arbitrary code via (1) a long attach request on TCP port 3050 to the isc_attach_database function or (2) a long create request on TCP port 3050 to the isc_create_database function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://risesecurity.org/advisory/RISE-2007003/"
},
{
"name": "25917",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25917"
},
{
"name": "27057",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27057"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://risesecurity.org/blog/entry/3/"
},
{
"name": "20071004 [RISE-2007003] Firebird Relational Database Multiple Buffer Overflow Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/481491/100/0/threaded"
},
{
"name": "1018773",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018773"
},
{
"name": "ADV-2007-3379",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3379"
},
{
"name": "firebird-attach-create-bo(36958)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36958"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://risesecurity.org/exploit/16/"
},
{
"name": "GLSA-200712-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200712-06.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=195569"
},
{
"name": "25925",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25925"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://risesecurity.org/exploit/17/"
},
{
"name": "27982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27982"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.risesecurity.org/advisory/RISE-2007003/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5246",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in Firebird LI 2.0.0.12748 and 2.0.1.12855, and WI 2.0.0.12748 and 2.0.1.12855, allow remote attackers to execute arbitrary code via (1) a long attach request on TCP port 3050 to the isc_attach_database function or (2) a long create request on TCP port 3050 to the isc_create_database function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://risesecurity.org/advisory/RISE-2007003/",
"refsource": "MISC",
"url": "http://risesecurity.org/advisory/RISE-2007003/"
},
{
"name": "25917",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25917"
},
{
"name": "27057",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27057"
},
{
"name": "http://risesecurity.org/blog/entry/3/",
"refsource": "MISC",
"url": "http://risesecurity.org/blog/entry/3/"
},
{
"name": "20071004 [RISE-2007003] Firebird Relational Database Multiple Buffer Overflow Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/481491/100/0/threaded"
},
{
"name": "1018773",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018773"
},
{
"name": "ADV-2007-3379",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3379"
},
{
"name": "firebird-attach-create-bo(36958)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36958"
},
{
"name": "http://risesecurity.org/exploit/16/",
"refsource": "MISC",
"url": "http://risesecurity.org/exploit/16/"
},
{
"name": "GLSA-200712-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200712-06.xml"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=195569",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=195569"
},
{
"name": "25925",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25925"
},
{
"name": "http://risesecurity.org/exploit/17/",
"refsource": "MISC",
"url": "http://risesecurity.org/exploit/17/"
},
{
"name": "27982",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27982"
},
{
"name": "http://www.risesecurity.org/advisory/RISE-2007003/",
"refsource": "MISC",
"url": "http://www.risesecurity.org/advisory/RISE-2007003/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5246",
"datePublished": "2007-10-06T17:00:00.000Z",
"dateReserved": "2007-10-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:24:42.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4666 (GCVE-0-2007-4666)
Vulnerability from cvelistv5 – Published: 2007-09-04 22:00 – Updated: 2024-08-07 15:01
VLAI?
Summary
Unspecified vulnerability in the server in Firebird before 2.0.2, when a Superserver/TCP/IP environment is configured, allows remote attackers to cause a denial of service (CPU and memory consumption) via "large network packets with garbage", aka CORE-1397.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Date Public ?
2007-08-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:01:09.914Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tracker.firebirdsql.org/browse/CORE-1397"
},
{
"name": "firebird-unspecified-network-dos(36355)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36355"
},
{
"name": "25497",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25497"
},
{
"name": "ADV-2007-3021",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3021"
},
{
"name": "26615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26615"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202"
},
{
"name": "29501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29501"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=535898"
},
{
"name": "DSA-1529",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1529"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the server in Firebird before 2.0.2, when a Superserver/TCP/IP environment is configured, allows remote attackers to cause a denial of service (CPU and memory consumption) via \"large network packets with garbage\", aka CORE-1397."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tracker.firebirdsql.org/browse/CORE-1397"
},
{
"name": "firebird-unspecified-network-dos(36355)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36355"
},
{
"name": "25497",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25497"
},
{
"name": "ADV-2007-3021",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3021"
},
{
"name": "26615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26615"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202"
},
{
"name": "29501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29501"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=535898"
},
{
"name": "DSA-1529",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1529"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4666",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the server in Firebird before 2.0.2, when a Superserver/TCP/IP environment is configured, allows remote attackers to cause a denial of service (CPU and memory consumption) via \"large network packets with garbage\", aka CORE-1397."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tracker.firebirdsql.org/browse/CORE-1397",
"refsource": "CONFIRM",
"url": "http://tracker.firebirdsql.org/browse/CORE-1397"
},
{
"name": "firebird-unspecified-network-dos(36355)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36355"
},
{
"name": "25497",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25497"
},
{
"name": "ADV-2007-3021",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3021"
},
{
"name": "26615",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26615"
},
{
"name": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202",
"refsource": "CONFIRM",
"url": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202"
},
{
"name": "29501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29501"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=535898",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=535898"
},
{
"name": "DSA-1529",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1529"
},
{
"name": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf",
"refsource": "CONFIRM",
"url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4666",
"datePublished": "2007-09-04T22:00:00.000Z",
"dateReserved": "2007-09-04T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:01:09.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4665 (GCVE-0-2007-4665)
Vulnerability from cvelistv5 – Published: 2007-09-04 22:00 – Updated: 2024-08-07 15:01
VLAI?
Summary
Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to cause a denial of service (daemon crash) via an XNET session that makes multiple simultaneous requests to register events, aka CORE-1403.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Date Public ?
2007-08-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:01:09.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25497",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25497"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tracker.firebirdsql.org/browse/CORE-1403"
},
{
"name": "ADV-2007-3021",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3021"
},
{
"name": "26615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26615"
},
{
"name": "firebird-xnet-dos(36353)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36353"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202"
},
{
"name": "29501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29501"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=535898"
},
{
"name": "DSA-1529",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1529"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to cause a denial of service (daemon crash) via an XNET session that makes multiple simultaneous requests to register events, aka CORE-1403."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "25497",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25497"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tracker.firebirdsql.org/browse/CORE-1403"
},
{
"name": "ADV-2007-3021",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3021"
},
{
"name": "26615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26615"
},
{
"name": "firebird-xnet-dos(36353)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36353"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202"
},
{
"name": "29501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29501"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=535898"
},
{
"name": "DSA-1529",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1529"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4665",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to cause a denial of service (daemon crash) via an XNET session that makes multiple simultaneous requests to register events, aka CORE-1403."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25497",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25497"
},
{
"name": "http://tracker.firebirdsql.org/browse/CORE-1403",
"refsource": "CONFIRM",
"url": "http://tracker.firebirdsql.org/browse/CORE-1403"
},
{
"name": "ADV-2007-3021",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3021"
},
{
"name": "26615",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26615"
},
{
"name": "firebird-xnet-dos(36353)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36353"
},
{
"name": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202",
"refsource": "CONFIRM",
"url": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202"
},
{
"name": "29501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29501"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=535898",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=535898"
},
{
"name": "DSA-1529",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1529"
},
{
"name": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf",
"refsource": "CONFIRM",
"url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4665",
"datePublished": "2007-09-04T22:00:00.000Z",
"dateReserved": "2007-09-04T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:01:09.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4667 (GCVE-0-2007-4667)
Vulnerability from cvelistv5 – Published: 2007-09-04 22:00 – Updated: 2024-08-07 15:01
VLAI?
Summary
Unspecified vulnerability in the Services API in Firebird before 2.0.2 allows remote attackers to cause a denial of service, aka CORE-1149.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Date Public ?
2007-08-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:01:10.124Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "firebird-serviceapi-dos(36356)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36356"
},
{
"name": "25497",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25497"
},
{
"name": "ADV-2007-3021",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3021"
},
{
"name": "26615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26615"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://tracker.firebirdsql.org/browse/CORE-1149"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202"
},
{
"name": "29501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29501"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=535898"
},
{
"name": "DSA-1529",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1529"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Services API in Firebird before 2.0.2 allows remote attackers to cause a denial of service, aka CORE-1149."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "firebird-serviceapi-dos(36356)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36356"
},
{
"name": "25497",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25497"
},
{
"name": "ADV-2007-3021",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3021"
},
{
"name": "26615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26615"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://tracker.firebirdsql.org/browse/CORE-1149"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202"
},
{
"name": "29501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29501"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=535898"
},
{
"name": "DSA-1529",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1529"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4667",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Services API in Firebird before 2.0.2 allows remote attackers to cause a denial of service, aka CORE-1149."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "firebird-serviceapi-dos(36356)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36356"
},
{
"name": "25497",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25497"
},
{
"name": "ADV-2007-3021",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3021"
},
{
"name": "26615",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26615"
},
{
"name": "http://tracker.firebirdsql.org/browse/CORE-1149",
"refsource": "MISC",
"url": "http://tracker.firebirdsql.org/browse/CORE-1149"
},
{
"name": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202",
"refsource": "CONFIRM",
"url": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202"
},
{
"name": "29501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29501"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=535898",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=535898"
},
{
"name": "DSA-1529",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1529"
},
{
"name": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf",
"refsource": "CONFIRM",
"url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4667",
"datePublished": "2007-09-04T22:00:00.000Z",
"dateReserved": "2007-09-04T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:01:10.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4664 (GCVE-0-2007-4664)
Vulnerability from cvelistv5 – Published: 2007-09-04 22:00 – Updated: 2024-08-07 15:01
VLAI?
Summary
Unspecified vulnerability in the (1) attach database and (2) create database functionality in Firebird before 2.0.2, when a filename exceeds MAX_PATH_LEN, has unknown impact and attack vectors, aka CORE-1405.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Date Public ?
2007-08-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:01:09.974Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://tracker.firebirdsql.org/browse/CORE-1405"
},
{
"name": "25497",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25497"
},
{
"name": "ADV-2007-3021",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3021"
},
{
"name": "26615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26615"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202"
},
{
"name": "29501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29501"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=535898"
},
{
"name": "DSA-1529",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1529"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf"
},
{
"name": "firebird-maxpathlen-unspecified(36359)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36359"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the (1) attach database and (2) create database functionality in Firebird before 2.0.2, when a filename exceeds MAX_PATH_LEN, has unknown impact and attack vectors, aka CORE-1405."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://tracker.firebirdsql.org/browse/CORE-1405"
},
{
"name": "25497",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25497"
},
{
"name": "ADV-2007-3021",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3021"
},
{
"name": "26615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26615"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202"
},
{
"name": "29501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29501"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=535898"
},
{
"name": "DSA-1529",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1529"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf"
},
{
"name": "firebird-maxpathlen-unspecified(36359)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36359"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the (1) attach database and (2) create database functionality in Firebird before 2.0.2, when a filename exceeds MAX_PATH_LEN, has unknown impact and attack vectors, aka CORE-1405."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tracker.firebirdsql.org/browse/CORE-1405",
"refsource": "MISC",
"url": "http://tracker.firebirdsql.org/browse/CORE-1405"
},
{
"name": "25497",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25497"
},
{
"name": "ADV-2007-3021",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3021"
},
{
"name": "26615",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26615"
},
{
"name": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202",
"refsource": "CONFIRM",
"url": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202"
},
{
"name": "29501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29501"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=535898",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=535898"
},
{
"name": "DSA-1529",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1529"
},
{
"name": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf",
"refsource": "CONFIRM",
"url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf"
},
{
"name": "firebird-maxpathlen-unspecified(36359)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36359"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4664",
"datePublished": "2007-09-04T22:00:00.000Z",
"dateReserved": "2007-09-04T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:01:09.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4668 (GCVE-0-2007-4668)
Vulnerability from cvelistv5 – Published: 2007-09-04 22:00 – Updated: 2024-08-07 15:01
VLAI?
Summary
Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to determine the existence of arbitrary files, and possibly obtain other "file access," via unknown vectors, aka CORE-1312.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Date Public ?
2007-08-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:01:09.982Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25497",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25497"
},
{
"name": "ADV-2007-3021",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3021"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://tracker.firebirdsql.org/browse/CORE-1312"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202"
},
{
"name": "29501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29501"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=535898"
},
{
"name": "DSA-1529",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1529"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to determine the existence of arbitrary files, and possibly obtain other \"file access,\" via unknown vectors, aka CORE-1312."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-04-09T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "25497",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25497"
},
{
"name": "ADV-2007-3021",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3021"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://tracker.firebirdsql.org/browse/CORE-1312"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202"
},
{
"name": "29501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29501"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=535898"
},
{
"name": "DSA-1529",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1529"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4668",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to determine the existence of arbitrary files, and possibly obtain other \"file access,\" via unknown vectors, aka CORE-1312."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25497",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25497"
},
{
"name": "ADV-2007-3021",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3021"
},
{
"name": "http://tracker.firebirdsql.org/browse/CORE-1312",
"refsource": "MISC",
"url": "http://tracker.firebirdsql.org/browse/CORE-1312"
},
{
"name": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202",
"refsource": "CONFIRM",
"url": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202"
},
{
"name": "29501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29501"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=535898",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=535898"
},
{
"name": "DSA-1529",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1529"
},
{
"name": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf",
"refsource": "CONFIRM",
"url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4668",
"datePublished": "2007-09-04T22:00:00.000Z",
"dateReserved": "2007-09-04T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:01:09.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4669 (GCVE-0-2007-4669)
Vulnerability from cvelistv5 – Published: 2007-09-04 22:00 – Updated: 2024-08-07 15:01
VLAI?
Summary
The Services API in Firebird before 2.0.2 allows remote authenticated users without SYSDBA privileges to read the server log (firebird.log), aka CORE-1148.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Date Public ?
2007-08-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:01:09.982Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25497",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25497"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tracker.firebirdsql.org/browse/CORE-1148"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202"
},
{
"name": "29501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29501"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=535898"
},
{
"name": "DSA-1529",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1529"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Services API in Firebird before 2.0.2 allows remote authenticated users without SYSDBA privileges to read the server log (firebird.log), aka CORE-1148."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-04-09T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "25497",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25497"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tracker.firebirdsql.org/browse/CORE-1148"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202"
},
{
"name": "29501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29501"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=535898"
},
{
"name": "DSA-1529",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1529"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4669",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Services API in Firebird before 2.0.2 allows remote authenticated users without SYSDBA privileges to read the server log (firebird.log), aka CORE-1148."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25497",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25497"
},
{
"name": "http://tracker.firebirdsql.org/browse/CORE-1148",
"refsource": "CONFIRM",
"url": "http://tracker.firebirdsql.org/browse/CORE-1148"
},
{
"name": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202",
"refsource": "CONFIRM",
"url": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202"
},
{
"name": "29501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29501"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=535898",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=535898"
},
{
"name": "DSA-1529",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1529"
},
{
"name": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf",
"refsource": "CONFIRM",
"url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4669",
"datePublished": "2007-09-04T22:00:00.000Z",
"dateReserved": "2007-09-04T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:01:09.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}