PT-2009-5020 · Firebird · Firebird Sql
Francisco Falcon
·
Publicado
2009-07-29
·
Atualizado
2025-10-10
·
CVE-2009-2620
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Firebird SQL versions 1.5 through 1.5.5
Firebird SQL versions 2.0 through 2.0.5
Firebird SQL versions 2.1 through 2.1.2
Firebird SQL versions 2.5 through 2.5 Beta 1
Description
The issue allows remote attackers to cause a denial of service, resulting in a daemon crash. This is achieved by sending a malformed op connect request message, which can trigger an infinite loop or a NULL pointer dereference in the src/remote/server.cpp component of fbserver.exe.
Recommendations
For Firebird SQL versions 1.5 through 1.5.5, update to version 1.5.6 or later.
For Firebird SQL versions 2.0 through 2.0.5, update to version 2.0.6 or later.
For Firebird SQL versions 2.1 through 2.1.2, update to version 2.1.3 or later.
For Firebird SQL versions 2.5 through 2.5 Beta 1, update to version 2.5 Beta 2 or later.
Exploit
Correção
DoS
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Firebird Sql