CVE-2008-0387

critical

Description

Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/39996

http://www.securityfocus.com/bid/27403

http://www.securityfocus.com/archive/1/487173/100/0/threaded

http://www.debian.org/security/2008/dsa-1529

http://www.coresecurity.com/?action=item&id=2095

http://tracker.firebirdsql.org/browse/CORE-1681

http://sourceforge.net/project/shownotes.php?group_id=9028&release_id=570800

http://securityreason.com/securityalert/3580

http://security.gentoo.org/glsa/glsa-200803-02.xml

http://secunia.com/advisories/29501

http://secunia.com/advisories/29203

Details

Source: Mitre, NVD

Published: 2008-01-29

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical