CVE-2007-5246Improper Restriction of Operations within the Bounds of a Memory Buffer in Firebird

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
10.0CRITICALNVD
EPSS
23.9%
top 3.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Firebirdsql Firebird
Timeline
PublishedOct 6
Latest updateMay 1

Description

Multiple stack-based buffer overflows in Firebird LI 2.0.0.12748 and 2.0.1.12855, and WI 2.0.0.12748 and 2.0.1.12855, allow remote attackers to execute arbitrary code via (1) a long attach request on TCP port 3050 to the isc_attach_database function or (2) a long create request on TCP port 3050 to the isc_create_database function.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDfirebirdsql/firebird2.0.0.12748, 2.0.1.12855+1

🔴Vulnerability Details

2
GHSA
GHSA-f92g-3pmp-x3pm: Multiple stack-based buffer overflows in Firebird LI 22022-05-01
CVEList
CVE-2007-5246: Multiple stack-based buffer overflows in Firebird LI 22007-10-06
CVE-2007-5246 — Firebirdsql Firebird vulnerability | cvebase