Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0281Improper Restriction of Operations within the Bounds of a Memory Buffer in Firebird

6 documents4 sources
Severity
4.6MEDIUMNVD
EPSS
0.1%
top 68.85%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Firebirdsql Firebird
Timeline
PublishedJun 16
Latest updateApr 29

Description

Buffer overflow in Firebird 1.0.2 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_inet_server, (2) gds_lock_mgr, or (3) gds_drop.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-mfmv-r22j-p43j: Buffer overflow in Firebird 12022-04-29
CVEList
CVE-2003-0281: Buffer overflow in Firebird 12003-05-14

💥Exploits & PoCs

3
Exploit-DB
Firebird 1.0.2 (FreeBSD 4.7-RELEASE) - Local Privilege Escalation2003-05-12
Exploit-DB
Interbase 6.0 - GDS_Drop Interbase Environment Variable Buffer Overflow (2)2002-06-18
Exploit-DB
Interbase 6.0 - GDS_Drop Interbase Environment Variable Buffer Overflow (1)2002-06-15
CVE-2003-0281 — Firebirdsql Firebird vulnerability | cvebase