CVE Vulnerability

CVE-2008-0387

Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption.

7.8 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

Scope

References
Link Resource
http://www.coresecurity.com/?action=item&id=2095 Third Party Advisory
http://tracker.firebirdsql.org/browse/CORE-1681 Vendor Advisory
http://www.securityfocus.com/bid/27403 Third Party Advisory VDB Entry
http://sourceforge.net/project/shownotes.php?group_id=9028&release_id=570800 Third Party Advisory
http://security.gentoo.org/glsa/glsa-200803-02.xml Third Party Advisory
http://secunia.com/advisories/29203 Third Party Advisory
http://www.debian.org/security/2008/dsa-1529 Third Party Advisory
http://secunia.com/advisories/29501 Third Party Advisory
http://securityreason.com/securityalert/3580 Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/39996 Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/487173/100/0/threaded Third Party Advisory VDB Entry
Configurations

Configuration 1

cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*
cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*
cpe:2.3:a:firebirdsql:firebird:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*
Information

Published : 2008-01-29 02:00

Updated : 2018-10-26 02:19

NVD link : CVE-2008-0387

Mitre link : CVE-2008-0387

Products Affected
No products.
CWE
CWE-189