CVE-2008-0387
8.1 High
AI Score
Confidence
Low
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.924 High
EPSS
Percentile
99.0%
Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption.
References
secunia.com/advisories/29203
secunia.com/advisories/29501
security.gentoo.org/glsa/glsa-200803-02.xml
securityreason.com/securityalert/3580
sourceforge.net/project/shownotes.php?group_id=9028&release_id=570800
tracker.firebirdsql.org/browse/CORE-1681
www.coresecurity.com/?action=item&id=2095
www.debian.org/security/2008/dsa-1529
www.securityfocus.com/archive/1/487173/100/0/threaded
www.securityfocus.com/bid/27403
exchange.xforce.ibmcloud.com/vulnerabilities/39996
Related
8.1 High
AI Score
Confidence
Low
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.924 High
EPSS
Percentile
99.0%