CVE-2023-41038Allocation of Resources Without Limits or Throttling in Firebird

CWE-770Allocation of Resources Without Limits or Throttling4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 65.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Firebirdsql Firebird
Timeline
PublishedMar 20

Description

Firebird is a relational database. Versions 4.0.0 through 4.0.3 and version 5.0 beta1 are vulnerable to a server crash when a user uses a specific form of SET BIND statement. Any non-privileged user with minimum access to a server may type a statement with a long `CHAR` length, which causes the server to crash due to stack corruption. Versions 4.0.4.2981 and 5.0.0.117 contain fixes for this issue. No known workarounds are available.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDfirebirdsql/firebird4.0.04.0.3+1
CVEListV5firebirdsql/firebird>= 4.0.0, < 4.0.4.2981, >= 5.0 beta1, < 5.0.0.1176+1

🔴Vulnerability Details

2
OSV
CVE-2023-41038: Firebird is a relational database2024-03-20
CVEList
Server crash when using specific form of SET BIND statement2024-03-20

📋Vendor Advisories

1
Debian
CVE-2023-41038: firebird3.0 - Firebird is a relational database. Versions 4.0.0 through 4.0.3 and version 5.0 ...2023
CVE-2023-41038 — Firebirdsql Firebird vulnerability | cvebase