PT-2009-5020 · Firebird · Firebird Sql

Francisco Falcon

Published

2009-07-29

Updated

2025-10-10

CVE-2009-2620

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Firebird SQL versions 1.5 through 1.5.5 Firebird SQL versions 2.0 through 2.0.5 Firebird SQL versions 2.1 through 2.1.2 Firebird SQL versions 2.5 through 2.5 Beta 1

Description The issue allows remote attackers to cause a denial of service, resulting in a daemon crash. This is achieved by sending a malformed op connect request message, which can trigger an infinite loop or a NULL pointer dereference in the src/remote/server.cpp component of fbserver.exe.

Recommendations For Firebird SQL versions 1.5 through 1.5.5, update to version 1.5.6 or later. For Firebird SQL versions 2.0 through 2.0.5, update to version 2.0.6 or later. For Firebird SQL versions 2.1 through 2.1.2, update to version 2.1.3 or later. For Firebird SQL versions 2.5 through 2.5 Beta 1, update to version 2.5 Beta 2 or later.

Exploit

Fix

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2009-2620

Affected Products

Firebird Sql

PT-2009-5020 · Firebird · Firebird Sql

CVE-2009-2620

Weakness Enumeration

Related Identifiers

Affected Products

References · 11