Published: 20/11/2012 Updated: 29/08/2017

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P

TraceManager in Firebird 2.5.0 and 2.5.1, when trace is enabled, allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by preparing an empty dynamic SQL query.

Vulnerable Product	Search on Vulmon	Subscribe to Product
firebirdsql firebird 2.5.0
firebirdsql firebird 2.5.1

Debian Bug report logs - #693210 server crash on prearing an empty query with tracing enabled Package: src:firebird25; Maintainer for src:firebird25 is Debian Firebird Group <pkg-firebird-general@listsaliothdebianorg>; Reported by: Damyan Ivanov <dmn@debianorg> Date: Wed, 14 Nov 2012 09:39:01 UTC Severity: impo ...

A buffer overflow was discovered in the Firebird database server, which could result in the execution of arbitrary code In addition, a denial of service vulnerability was discovered in the TraceManager For the stable distribution (squeeze), these problems have been fixed in version 25026054~ReleaseCandidate3ds2-1+squeeze1 For the testing dis ...

CWE-399 http://www.securitytracker.com/id?1027769 http://www.openwall.com/lists/oss-security/2012/11/14/6 http://www.securityfocus.com/bid/56521 http://www.openwall.com/lists/oss-security/2012/11/14/8 http://tracker.firebirdsql.org/browse/CORE-3884 http://www.debian.org/security/2013/dsa-2648 https://exchange.xforce.ibmcloud.com/vulnerabilities/80073 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693210 https://www.debian.org/security/./dsa-2648

CVE-2012-5529

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect