Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-0387Out-of-bounds Write in Firebird

CWE-1894 documents4 sources
Severity
7.8HIGHNVD
EPSS
59.9%
top 1.73%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Firebirdsql Firebird
Timeline
PublishedJan 29
Latest updateMay 1

Description

Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

NVDfirebirdsql/firebird1.51.5.6+3

🔴Vulnerability Details

2
GHSA
GHSA-qg6p-6xqq-gh7c: Integer overflow in Firebird SQL 12022-05-01
CVEList
CVE-2008-0387: Integer overflow in Firebird SQL 12008-01-29

💥Exploits & PoCs

1
Exploit-DB
Firebird 2.0.3 Relational Database - 'protocol.cpp' XDR Protocol Remote Memory Corruption2008-01-28
CVE-2008-0387 — Out-of-bounds Write in Firebird | cvebase