Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-2043Improper Restriction of Operations within the Bounds of a Memory Buffer in Software Interbase

6 documents5 sources
Severity
5.0MEDIUMNVD
EPSS
47.5%
top 2.30%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Borland Software InterbaseBorland Software Interbase SuperserverFirebirdsql Firebird
Timeline
PublishedMay 1
Latest updateApr 29

Description

Buffer overflow in ibserver for Firebird Database 1.0 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows remote attackers to cause a denial of service (crash) via a long database name, as demonstrated using the gsec command.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

NVDborland_software/interbase7 versions+6

Patches

Patch: secunia.comPatch: secunia.com

🔴Vulnerability Details

2
GHSA
GHSA-grgp-hrrx-jxvp: Buffer overflow in ibserver for Firebird Database 12022-04-29
CVEList
CVE-2004-2043: Buffer overflow in ibserver for Firebird Database 12005-05-10

💥Exploits & PoCs

2
Exploit-DB
Borland Interbase 7.x - Remote Buffer Overflow2004-06-25
Exploit-DB
Firebird 1.0 - Remote Database Name Buffer Overrun2004-06-01
CVE-2004-2043 — Software Interbase vulnerability | cvebase