CVE-2013-2492

Name of the Vulnerable Software and Affected Versions Firebird versions 2.1.3 through 2.1.5 Firebird versions 2.5.1 through 2.5.3

Description The issue is caused by a stack-based buffer overflow in the Firebird database management system. This can be exploited by a remote attacker who sends a specially crafted TCP packet to port 3050, potentially allowing the execution of arbitrary code. The vulnerability is related to a missing size check during the extraction of a group number from CNCT information.

Recommendations For Firebird versions 2.1.3 through 2.1.5, update to a version after 18514 to resolve the issue. For Firebird versions 2.5.1 through 2.5.3, update to a version after 26623 to resolve the issue. As a temporary workaround, consider restricting access to TCP port 3050 to minimize the risk of exploitation.