Description
Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption.
CVSS Metrics
- Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
- Access Vector: network
- Access Complexity: low
- Authentication: none
- Confidentiality: none
- Integrity: none
- Availability: complete
- Weaknesses: CWE-189
Metadata
- Primary Vendor: FIREBIRDSQL
- Published: 1/29/2008
- Last Modified: 4/9/2025
- Source: NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
- firebirdsql : firebird