CVE-2008-0387
Firebird 2.0.3 Relational Database - 'protocol.cpp' XDR Protocol Remote Memory Corruption
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption.
Desbordamiento de entero en Firebird SQL 1.0.3 y versiones anteriores, 1.5.x versiones anteriores a 1.5.6, 2.0.x versiones anteriores a 2.0.4, y 2.1.x versiones anteriores a 2.1.0 RC1, podría permitir a atacantes remotos ejecutar código de su elección mediante peticiones manipuladas (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, y (6) op_start_send_and_receive XDR, que disparan corrupción de memoria.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-01-22 CVE Reserved
- 2008-01-28 CVE Published
- 2008-01-28 First Exploit
- 2024-08-07 CVE Updated
- 2024-10-25 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-189: Numeric Errors
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/29203 | Third Party Advisory | |
| http://secunia.com/advisories/29501 | Third Party Advisory | |
| http://securityreason.com/securityalert/3580 | Third Party Advisory | |
| http://sourceforge.net/project/shownotes.php?group_id=9028&release_id=570800 | Third Party Advisory | |
| http://www.coresecurity.com/?action=item&id=2095 | Third Party Advisory | |
| http://www.securityfocus.com/archive/1/487173/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/27403 | Third Party Advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/39996 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/31050 | 2008-01-28 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://security.gentoo.org/glsa/glsa-200803-02.xml | 2018-10-26 | |
| http://tracker.firebirdsql.org/browse/CORE-1681 | 2018-10-26 | |
| http://www.debian.org/security/2008/dsa-1529 | 2018-10-26 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Firebirdsql Search vendor "Firebirdsql" | Firebird Search vendor "Firebirdsql" for product "Firebird" | <= 1.0.3 Search vendor "Firebirdsql" for product "Firebird" and version " <= 1.0.3" | - |
Affected
| ||||||
| Firebirdsql Search vendor "Firebirdsql" | Firebird Search vendor "Firebirdsql" for product "Firebird" | >= 1.5 < 1.5.6 Search vendor "Firebirdsql" for product "Firebird" and version " >= 1.5 < 1.5.6" | - |
Affected
| ||||||
| Firebirdsql Search vendor "Firebirdsql" | Firebird Search vendor "Firebirdsql" for product "Firebird" | >= 2.0.0 < 2.0.4 Search vendor "Firebirdsql" for product "Firebird" and version " >= 2.0.0 < 2.0.4" | - |
Affected
| ||||||
| Firebirdsql Search vendor "Firebirdsql" | Firebird Search vendor "Firebirdsql" for product "Firebird" | 2.1.0 Search vendor "Firebirdsql" for product "Firebird" and version "2.1.0" | - |
Affected
| ||||||