CVE-2007-4664 — Improper Input Validation in Firebird

CWE-20 — Improper Input Validation CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources

Severity

7.5HIGHNVD

EPSS

1.1%

top 21.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Firebirdsql Firebird

Timeline

PublishedSep 4

Latest updateMay 1

Description

Unspecified vulnerability in the (1) attach database and (2) create database functionality in Firebird before 2.0.2, when a filename exceeds MAX_PATH_LEN, has unknown impact and attack vectors, aka CORE-1405.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDfirebirdsql/firebird2.0.1

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-hrp4-6cpf-rhjm: Unspecified vulnerability in the (1) attach database and (2) create database functionality in Firebird before 2↗2022-05-01

▶

CVEList

CVE-2007-4664: Unspecified vulnerability in the (1) attach database and (2) create database functionality in Firebird before 2↗2007-09-04

▶