CVE-2014-9323 — NULL Pointer Dereference in Firebird

CWE-476 — NULL Pointer Dereference7 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

1.5%

top 18.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Firebirdsql Firebird Canonical Ubuntu Linux Debian Linux +1 more

Timeline

PublishedDec 16

Latest updateMay 13

Description

The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDfirebirdsql/firebird2.5 — 2.5.3+1

▶NVDopensuse/evergreen11.4

Also affects: Debian Linux 7.0, 8.0, Ubuntu Linux 14.04

🔴Vulnerability Details

GHSA

GHSA-2hhr-r74q-p8fq: The xdr_status_vector function in Firebird before 2↗2022-05-13

▶

OSV

firebird2.5 vulnerabilities↗2019-04-02

▶

CVEList

CVE-2014-9323: The xdr_status_vector function in Firebird before 2↗2014-12-16

▶

OSV

CVE-2014-9323: The xdr_status_vector function in Firebird before 2↗2014-12-16

▶

📋Vendor Advisories

Ubuntu

Firebird vulnerabilities↗2019-04-02

▶

💬Community

Bugzilla

CVE-2014-9323 firebird: malformed network packet can cause denial of service↗2014-12-10

▶