CVE-2012-5529
Published 2012-11-20
Priority P4 · 14 · low · 3.5 CVSS 2.0
CVSS 2.0 vector: AV:N/AC:M/Au:S/C:N/I:N/A:P
EPSS: 1.84% (76.3th percentile)
TraceManager in Firebird 2.5.0 and 2.5.1, when trace is enabled, allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by preparing an empty dynamic SQL query.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| firebirdsql | firebird | — | — |
| firebirdsql | firebird | — | — |
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2012-5529 firebird: DoS (NULL pointer dereference) while preparing an empty query with trace enabled [epel-6]
bugzilla·2012-11-14·CVSS 3.5
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field whe
Bugzilla
CVE-2012-5529 firebird: DoS (NULL pointer dereference) while preparing an empty query with trace enabled
bugzilla·2012-11-14·CVSS 3.5
A denial of service flaw was found in the way the TraceManager of Firebird, a SQL relational database management system, performed preparation of an empty dynamic SQL query. When the trace mode was enabled, a remote, authenticated database user could use this flaw to cause the Firebird server to crash with a NULL pointer dereference.
References:
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693210
[2] http://tracker.firebirdsql.org/browse/CORE-3884
Relevant upstream patch:
[3] http://firebird.svn.sourceforge.net/viewvc/firebird?pathrev=54702&revision=54702&view=revision
Discussion:
This issue affects the versions of the firebird package, as shipped with Fedora release of 16
Bugzilla
CVE-2012-5529 firebird: DoS (NULL pointer dereference) while preparing an empty query with trace enabled [fedora-all]
bugzilla·2012-11-14·CVSS 3.5
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when
http://tracker.firebirdsql.org/browse/CORE-3884
http://www.debian.org/security/2013/dsa-2648
http://www.openwall.com/lists/oss-security/2012/11/14/6
http://www.openwall.com/lists/oss-security/2012/11/14/8
http://www.securityfocus.com/bid/56521
http://www.securitytracker.com/id?1027769
https://exchange.xforce.ibmcloud.com/vulnerabilities/80073