Firebird Server Crash Vulnerability
CVE-2023-41038

7.5HIGH

Key Information:

Vendor: Firebirdsql
Status: Firebird
Vendor: CVE Published:; 20 March 2024

🔔 Create Firebirdsql Vulnerability Alert

What is CVE-2023-41038?

Firebird, a widely-used relational database, is susceptible to a server crash when certain conditions are met involving the SET BIND statement. Versions 4.0.0 through 4.0.3 and 5.0 beta1 can experience stack corruption if a non-privileged user sends a command with an excessively long CHAR length. The result is an unexpected server crash, potentially disrupting services for users relying on the database. Fixes for these issues are available in versions 4.0.4.2981 and 5.0.0.117, with no documented workarounds for the vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

firebird >= 4.0.0, < 4.0.4.2981 < 4.0.0, 4.0.4.2981

firebird >= 5.0 beta1, < 5.0.0.1176 < 5.0 beta1, 5.0.0.1176

References

https://github.com/FirebirdSQL/firebird/security/advisori...

x_refsource_CONFIRM

https://firebirdsql.org/en/snapshot-builds

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 20, 2024
Vulnerability Reserved
Aug 22, 2023

JSON

Firebirdsql

What is CVE-2023-41038?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.