CVE-2016-1569

Name of the Vulnerable Software and Affected Versions FireBird version 2.5.5

Description The issue is caused by insufficient input validation in the database management system, allowing a remote authenticated user to cause a denial of service by crashing the daemon. This can be achieved by using the service manager to invoke the gbak utility with an invalid parameter, such as an incorrect username or password. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations For FireBird version 2.5.5, as a temporary workaround, consider restricting access to the gbak utility until a patch is available. Avoid using the utility with unvalidated input parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.