PT-2024-2355 · Firebird+1 · Firebird+1

Alex Peshkoff · Published 2024-03-20 · Updated 2024-05-22 · CVE-2023-41038

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Firebird versions 4.0.0 through 4.0.3
Firebird version 5.0 beta1

Description

The server crashes when a user issues a specific form of the SET BIND statement with a long CHAR length, which corrupts the stack. Any non-privileged user with minimum access to the server can exploit this, potentially leading to a denial of service.

Recommendations

For Firebird versions 4.0.0 through 4.0.3, update to version 4.0.4.2981 or later.
For Firebird version 5.0 beta1, update to version 5.0.0.117 or later.
As a temporary workaround, consider restricting access to the SET BIND statement to minimize the risk of exploitation.

Exploit

Fix

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

BDU:2024-02303
CVE-2023-41038
GHSA-6FV8-8RWR-9692

Affected Products

Firebird
Red Os