Description
Firebird is a relational database. Versions 4.0.0 through 4.0.3 and version 5.0 beta1 are vulnerable to a server crash when a user uses a specific form of SET BIND statement. Any non-privileged user with minimum access to a server may type a statement with a long `CHAR` length, which causes the server to crash due to stack corruption. Versions 4.0.4.2981 and 5.0.0.117 contain fixes for this issue. No known workarounds are available.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Affected products
- FirebirdSQL / firebird>= 4.0.0, < 4.0.4.2981 – >= 4.0.0, < 4.0.4.2981
- FirebirdSQL / firebird>= 5.0 beta1, < 5.0.0.1176 – >= 5.0 beta1, < 5.0.0.1176