cbcvebase.
CVE-2007-3181
published 2007-06-12

CVE-2007-3181: Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows remote attackers to execute arbitrary code via a large p_cnct_count value in a p_cnct…

PriorityP258critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
13.21%
95.9th percentile
Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows remote attackers to execute arbitrary code via a large p_cnct_count value in a p_cnct structure in a connect (0x01) request to port 3050/tcp, related to "an InterBase version of gds32.dll."

Affected

2 ranges
VendorProductVersion rangeFixed in
bakbonenetvault
firebirdsqlfirebird<= 2.0.0

Detection & IOCsextracted from sources · hover to see the quote

port3050/tcp
filenamefbserver.exe
commandconnect (0x01) request with large p_cnct_count value in p_cnct structure
  • Monitor for abnormally large p_cnct_count values in Firebird connect (opcode 0x01) requests on port 3050/tcp; the p_cnct_versions array only supports 10 entries, so a p_cnct_count exceeding 10 is anomalous and indicative of exploitation.
  • Inspect Firebird protocol traffic on 3050/tcp for connect requests (opcode 0x01) where the p_cnct_count field value is larger than 10 (the fixed array size of p_cnct_versions[10]), which triggers the buffer overflow in fbserver.exe.
  • Unexpected crashes or restarts of fbserver.exe following inbound connections on 3050/tcp may indicate failed exploitation attempts (denial of service).
  • ·Only Firebird SQL 2.0 (before 2.0.1) is confirmed vulnerable; the fix is to upgrade to 2.0.1 or later. Previous versions may also be affected.
  • ·The vulnerability is specifically in fbserver.exe and is related to the InterBase version of gds32.dll; deployments using these components on exposed port 3050/tcp are at risk.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.