Firebirdsql : Security Vulnerabilities, CVEs, Published In 2007 CVSS score >= 6
Multiple stack-based buffer overflows in Firebird LI 2.0.0.12748 and 2.0.1.12855, and WI 2.0.0.12748 and 2.0.1.12855, allow remote attackers to execute arbitrary code via (1) a long attach request on TCP port 3050 to the isc_attach_database function or (2) a long create request on TCP port 3050 to the isc_create_database function.
Max CVSS
10.0
EPSS Score
37.27%
Published
2007-10-06
Updated
2018-10-15
Multiple stack-based buffer overflows in Firebird LI 1.5.3.4870 and 1.5.4.4910, and WI 1.5.3.4870 and 1.5.4.4910, allow remote attackers to execute arbitrary code via (1) a long service attach request on TCP port 3050 to the SVC_attach function or (2) unspecified vectors involving the INET_connect function.
Max CVSS
10.0
EPSS Score
4.98%
Published
2007-10-06
Updated
2018-10-15
Stack-based buffer overflow in the process_packet function in fbserver.exe in Firebird SQL 2.0.2 allows remote attackers to execute arbitrary code via a long request to TCP port 3050.
Max CVSS
10.0
EPSS Score
38.71%
Published
2007-10-11
Updated
2018-10-15
Unspecified vulnerability in the (1) attach database and (2) create database functionality in Firebird before 2.0.2, when a filename exceeds MAX_PATH_LEN, has unknown impact and attack vectors, aka CORE-1405.
Max CVSS
7.5
EPSS Score
1.71%
Published
2007-09-04
Updated
2017-07-29
Integer overflow in Firebird 2.0.0 allows remote authenticated users to cause a denial of service (CPU consumption) via certain database operations with multi-byte character sets that trigger an attempt to use the value 65536 for a 16-bit integer, which is treated as 0 and causes an infinite loop on zero-length data.
Max CVSS
6.8
EPSS Score
0.98%
Published
2007-07-03
Updated
2012-10-31
Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows remote attackers to execute arbitrary code via a large p_cnct_count value in a p_cnct structure in a connect (0x01) request to port 3050/tcp, related to "an InterBase version of gds32.dll."
Max CVSS
10.0
EPSS Score
32.73%
Published
2007-06-12
Updated
2017-07-29
Multiple buffer overflows in Firebird 2.1 allow attackers to trigger memory corruption and possibly have other unspecified impact via certain input processed by (1) config\ConfigFile.cpp or (2) msgs\check_msgs.epp. NOTE: if ConfigFile.cpp reads a configuration file with restrictive permissions, then the ConfigFile.cpp vector may not cross privilege boundaries and perhaps should not be included in CVE.
Max CVSS
7.8
EPSS Score
0.36%
Published
2007-05-11
Updated
2018-10-16
Multiple unspecified vulnerabilities in Firebird 1.5 allow remote attackers to (1) cause a denial of service (application crash) by sending many remote protocol versions; and (2) cause a denial of service (connection drop) via certain network traffic, as demonstrated by Nessus vulnerability scanning.
Max CVSS
7.8
EPSS Score
1.07%
Published
2007-06-29
Updated
2008-09-05
Multiple buffer overflows in Firebird 1.5, one of which affects WNET, have unknown impact and attack vectors. NOTE: this issue might overlap CVE-2006-1240.
Max CVSS
6.8
EPSS Score
0.29%
Published
2007-06-29
Updated
2008-09-05
9 vulnerabilities found