CVE-2014-9323
published 2014-12-16
Priority: P423, medium, 5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 2.90% (85.2th percentile)
The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| firebirdsql | firebird | < 2.1.7 | 2.1.7 |
| firebirdsql | firebird | 2.5 – 2.5.3 | — |
| opensuse | evergreen | — | — |
CVSS provenance
nvd: v2.0, 5.0 MEDIUM, AV:N/AC:L/Au:N/C:N/I:N/A:P
osv: 5.0 MEDIUM
vendor_ubuntu: 5.0 MEDIUM
GHSA
ghsa_unreviewed·2022-05-13
CVE-2014-9323 [MEDIUM] CWE-476 GHSA-2hhr-r74q-p8fq: The xdr_status_vector function in Firebird before 2
The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status.
OSV
osv·2019-04-02·CVSS 5.0
CVE-2014-9323 [MEDIUM] firebird2.5 vulnerabilities
It was discovered that Firebird incorrectly handled certain malformed
packets. A remote attacker could possibly use this issue with a specially
crafted network packet to cause Firebird to crash, resulting in a denial of
service.
(CVE-2014-9323)
It was discovered that Firebird incorrectly handled certain UDF libraries.
A remote attacker could possibly use this issue to execute arbitrary code.
(CVE-2017-6369)
OSV
osv·2014-12-16·CVSS 5.0
CVE-2014-9323 [MEDIUM] CVE-2014-9323: The xdr_status_vector function in Firebird before 2
The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status.
Ubuntu
vendor_ubuntu·2019-04-02·CVSS 5.0
CVE-2014-9323 [MEDIUM] Firebird vulnerabilities
Title: Firebird vulnerabilities
Summary: Several security issues were fixed in Firebird.
It was discovered that Firebird incorrectly handled certain malformed
packets. A remote attacker could possibly use this issue with a specially
crafted network packet to cause Firebird to crash, resulting in a denial of
service.
(CVE-2014-9323)
It was discovered that Firebird incorrectly handled certain UDF libraries.
A remote attacker could possibly use this issue to execute arbitrary code.
(CVE-2017-6369)
Instructions: In general, a standard system update will make all the necessary changes.
No detection rules found.
No public exploits indexed.
http://advisories.mageia.org/MGASA-2014-0523.html
http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00012.html
http://tracker.firebirdsql.org/browse/CORE-4630
http://www.debian.org/security/2014/dsa-3109
http://www.firebirdsql.org/en/news/security-updates-for-v2-1-and-v2-5-series-66011/
http://www.mandriva.com/security/advisories?name=MDVSA-2015:172
https://usn.ubuntu.com/3929-1/
Published: 2014-12-16