CVE-2008-0387: Integer Overflow
First published: Tue Jan 29 2008(Updated: )
Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Firebirdsql Firebird | <=1.0.3 | |
| Firebirdsql Firebird | >=2.0.0<2.0.4 | |
| Firebirdsql Firebird | =2.1.0 | |
| Firebirdsql Firebird | >=1.5<1.5.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.coresecurity.com/?action=item&id=2095
- http://tracker.firebirdsql.org/browse/CORE-1681
- http://www.securityfocus.com/bid/27403
- http://sourceforge.net/project/shownotes.php?group_id=9028&release_id=570800
- http://security.gentoo.org/glsa/glsa-200803-02.xml
- http://secunia.com/advisories/29203
- http://www.debian.org/security/2008/dsa-1529
- http://secunia.com/advisories/29501
- http://securityreason.com/securityalert/3580
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39996
- http://www.securityfocus.com/archive/1/487173/100/0/threaded
- collector/nvd-historical
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/author
- agent/references
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/firebirdsql
- canonical/firebirdsql firebird
- version/firebirdsql firebird/1.0.3
- version/firebirdsql firebird/2.0.0
- version/firebirdsql firebird/2.1.0
- version/firebirdsql firebird/1.5