Lucene search

GoogleOSV:CVE-2023-41038

HistoryMar 20, 2024 - 3:15 p.m.

CVE-2023-41038

2024-03-2015:15:07

Google

osv.dev

firebird database

server crash

stack corruption

vulnerability

patch availability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Firebird is a relational database. Versions 4.0.0 through 4.0.3 and version 5.0 beta1 are vulnerable to a server crash when a user uses a specific form of SET BIND statement. Any non-privileged user with minimum access to a server may type a statement with a long CHAR length, which causes the server to crash due to stack corruption. Versions 4.0.4.2981 and 5.0.0.117 contain fixes for this issue. No known workarounds are available.

CPENameOperatorVersion
firebirdeq4.0.0
firebirdeq4.0.2
firebirdeq4.0.1
firebirdeq4.0.3

Name	Operator	Version
firebird	eq	4.0.0
firebird	eq	4.0.2
firebird	eq	4.0.1
firebird	eq	4.0.3

References

firebirdsql.org/en/snapshot-builds

github.com/FirebirdSQL/firebird/security/advisories/GHSA-6fv8-8rwr-9692

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for OSV:CVE-2023-41038