5
CVE-2009-2620
- EPSS 8.63%
- Veröffentlicht 29.07.2009 17:30:01
- Zuletzt bearbeitet 16.06.2026 23:09:51
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before 1.5.6, 2.0 before 2.0.6, 2.1 before 2.1.3, and 2.5 before 2.5 Beta 2 allows remote attackers to cause a denial of service (daemon crash) via a malformed op_connect_request message that triggers an infinite loop or NULL pointer dereference.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Firebirdsql ≫ Firebird Version >= 1.5 < 1.5.6
Firebirdsql ≫ Firebird Version >= 2.0.0 < 2.0.6
Firebirdsql ≫ Firebird Version >= 2.1 < 2.1.3
Firebirdsql ≫ Firebird Version2.5.0 Update-
Firebirdsql ≫ Firebird Version2.5.0 Updatealpha1
Firebirdsql ≫ Firebird Version2.5.0 Updatebeta1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 8.63% | 0.944 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://tracker.firebirdsql.org/browse/CORE-2563
http://www.coresecurity.com/content/firebird-sql-dos
http://www.exploit-db.com/exploits/9295
http://www.securityfocus.com/bid/35842
https://bugzilla.redhat.com/show_bug.cgi?id=514463
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01341.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01370.html