Denial of Service Vulnerability in Firebird SQL by Firebird
CVE-2009-2620
Currently unrated
Key Information:
- Vendor: Firebirdsql
- Status
- Vendor
- CVE Published: 29 July 2009
Badges
- Exploit Exists
- Public PoC
- EPSS 10%
What is CVE-2009-2620?
A vulnerability exists in Firebird SQL due to improper handling of op_connect_request messages, which remote attackers can exploit to cause a denial of service. When a malformed request is processed, it can result in an infinite loop or a NULL pointer dereference, leading to a crash of the Firebird SQL daemon. Affected versions are therefore exposed to disruption initiated by remote attackers. Users are advised to upgrade to the latest version to mitigate the risk.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.
