Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv2

CVE-2008-0387

Published: 29/01/2008 Updated: 26/10/2018
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
VMScore: 785
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Subscribe to Firebirdsql

Vulnerability Summary

Integer overflow in Firebird SQL 1.0.3 and previous versions, 1.5.x prior to 1.5.6, 2.0.x prior to 2.0.4, and 2.1.x prior to 2.1.0 RC1 might allow remote malicious users to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

firebirdsql firebird

firebirdsql firebird 2.1.0

Exploits

Exploit DB: Firebird 2.0.3 Relational Database - 'protocol.cpp' XDR Protocol Remote Memory Corruption
source: wwwsecurityfocuscom/bid/27403/info Firebird is prone to an integer-overflow vulnerability because it fails to ensure that integer values aren't overrun Attackers may exploit this issue to overflow a buffer and to corrupt process memory Attackers may be able to execute arbitrary machine code in the context of an affected applica ...
Exploit DB: Core Security Technologies Advisory 2007.1219
Core Security Technologies Advisory - The Firebird database manager contains an integer overflow in the processing of certain tags on the XDR protocol used for communication with the server Version vulnerable include Firebird SQL 103 and before, 155 and before, 203 and before, and 210 Beta 2 and before ...

References

CWE-189http://www.coresecurity.com/?action=item&id=2095http://tracker.firebirdsql.org/browse/CORE-1681http://www.securityfocus.com/bid/27403http://sourceforge.net/project/shownotes.php?group_id=9028&release_id=570800http://security.gentoo.org/glsa/glsa-200803-02.xmlhttp://secunia.com/advisories/29203http://www.debian.org/security/2008/dsa-1529http://secunia.com/advisories/29501http://securityreason.com/securityalert/3580https://exchange.xforce.ibmcloud.com/vulnerabilities/39996http://www.securityfocus.com/archive/1/487173/100/0/threadedhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/31050/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionfirmwareCVE-2006-4304CVE-2024-32878CVE-2024-31502XSSCVE-2024-3059CVE-2024-33692CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook