Published: 16/12/2014 Updated: 05/03/2021

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The xdr_status_vector function in Firebird prior to 2.1.7 and 2.5.x prior to 2.5.3 SU1 allows remote malicious users to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status.

Vulnerable Product	Search on Vulmon	Subscribe to Product
firebirdsql firebird
opensuse evergreen 11.4
debian debian linux 7.0
debian debian linux 8.0
canonical ubuntu linux 14.04

Debian Bug report logs - #772880 firebird25: CVE-2014-9323: Segfault in server caused by malformed network packet Package: src:firebird25; Maintainer for src:firebird25 is Debian Firebird Group <pkg-firebird-general@listsaliothdebianorg>; Reported by: Damyan Ivanov <dmn@debianorg> Date: Thu, 11 Dec 2014 22:06:0 ...

Several security issues were fixed in Firebird ...

Dmitry Kovalenko discovered that the Firebird database server is prone to a denial of service vulnerability An unauthenticated remote attacker could send a malformed network packet to a firebird server, which would cause the server to crash For the stable distribution (wheezy), this problem has been fixed in version 25226540ds4-1~deb7u2 For ...

CWE-476 http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00012.html http://tracker.firebirdsql.org/browse/CORE-4630 http://www.firebirdsql.org/en/news/security-updates-for-v2-1-and-v2-5-series-66011/http://www.mandriva.com/security/advisories?name=MDVSA-2015:172 http://advisories.mageia.org/MGASA-2014-0523.html http://www.debian.org/security/2014/dsa-3109 https://usn.ubuntu.com/3929-1/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772880 https://usn.ubuntu.com/3929-1/https://nvd.nist.gov

CVE-2014-9323

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect