CVE-2007-3527 — Infinite Loop in Firebird

3 documents3 sources

Severity

6.8MEDIUMNVD

EPSS

1.3%

top 20.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Firebirdsql Firebird

Timeline

PublishedJul 3

Latest updateMay 1

Description

Integer overflow in Firebird 2.0.0 allows remote authenticated users to cause a denial of service (CPU consumption) via certain database operations with multi-byte character sets that trigger an attempt to use the value 65536 for a 16-bit integer, which is treated as 0 and causes an infinite loop on zero-length data.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 8.0 | Impact: 6.9

Affected Packages1 packages

▶NVDfirebirdsql/firebird2.0.0

Patches

Patch: www.firebirdsql.org ↗Patch: www.firebirdsql.org ↗

🔴Vulnerability Details

GHSA

GHSA-8375-gg7c-7cc8: Integer overflow in Firebird 2↗2022-05-01

▶

CVEList

CVE-2007-3527: Integer overflow in Firebird 2↗2007-07-03

▶