Vulnerability Details CVE-2008-0387
Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.599
EPSS Ranking 98.1%
CVSS Severity
CVSS v2 Score 7.8
References
- http://secunia.com/advisories/29203
- http://secunia.com/advisories/29501
- http://security.gentoo.org/glsa/glsa-200803-02.xml
- http://securityreason.com/securityalert/3580
- http://sourceforge.net/project/shownotes.php?group_id=9028&release_id=570800
- http://tracker.firebirdsql.org/browse/CORE-1681
- http://www.coresecurity.com/?action=item&id=2095
- http://www.debian.org/security/2008/dsa-1529
- http://www.securityfocus.com/archive/1/487173/100/0/threaded
- http://www.securityfocus.com/bid/27403
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39996
- http://secunia.com/advisories/29203
- http://secunia.com/advisories/29501
- http://security.gentoo.org/glsa/glsa-200803-02.xml
- http://securityreason.com/securityalert/3580
- http://sourceforge.net/project/shownotes.php?group_id=9028&release_id=570800
- http://tracker.firebirdsql.org/browse/CORE-1681
- http://www.coresecurity.com/?action=item&id=2095
- http://www.debian.org/security/2008/dsa-1529
- http://www.securityfocus.com/archive/1/487173/100/0/threaded
- http://www.securityfocus.com/bid/27403
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39996
Products affected by CVE-2008-0387
-
cpe:2.3:a:firebirdsql:firebird:-
-
cpe:2.3:a:firebirdsql:firebird:1.0
-
cpe:2.3:a:firebirdsql:firebird:1.0.2
-
cpe:2.3:a:firebirdsql:firebird:1.0.3
-
cpe:2.3:a:firebirdsql:firebird:1.5
-
cpe:2.3:a:firebirdsql:firebird:1.5.0.4306
-
cpe:2.3:a:firebirdsql:firebird:1.5.1
-
cpe:2.3:a:firebirdsql:firebird:1.5.2
-
cpe:2.3:a:firebirdsql:firebird:1.5.2.4731
-
cpe:2.3:a:firebirdsql:firebird:1.5.3.4870
-
cpe:2.3:a:firebirdsql:firebird:1.5.4.4910
-
cpe:2.3:a:firebirdsql:firebird:1.5.5
-
cpe:2.3:a:firebirdsql:firebird:2.0.0
-
cpe:2.3:a:firebirdsql:firebird:2.0.0.12748
-
cpe:2.3:a:firebirdsql:firebird:2.0.1
-
cpe:2.3:a:firebirdsql:firebird:2.0.1.12855
-
cpe:2.3:a:firebirdsql:firebird:2.0.2
-
cpe:2.3:a:firebirdsql:firebird:2.0.3
-
cpe:2.3:a:firebirdsql:firebird:2.1.0