Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-3181: Improper Restriction of Operations within the Bounds of a Memory Buffer in Firebird

5 documents, 4 sources
Severity
10.0 CRITICAL (NVD)
EPSS
29.2%
top 3.41%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published: Jun 12
Latest update: May 1

Description

Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows remote attackers to execute arbitrary code via a large p_cnct_count value in a p_cnct structure in a connect (0x01) request to port 3050/tcp, related to "an InterBase version of gds32.dll."

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages: 2 packages

Patches

🔴 Vulnerability Details

2
GHSA
GHSA-c2r6-w3hh-33v8: Buffer overflow in fbserver (2022-05-01)
CVEList
CVE-2007-3181: Buffer overflow in fbserver (2007-06-12)

💥 Exploits & PoCs

2
Exploit-DB
Firebird SQL Fbserver 2.0 - Remote Buffer Overflow (2007-06-12)
Exploit-DB
Apple Mac OSX 10.4.8 - 'UserNotificationCenter' Local Privilege Escalation (2007-01-23)