Firebird Server Crash Vulnerability
CVE-2023-41038

7.5HIGH

Key Information:

Vendor: Firebirdsql
Status: Firebird
Vendor: CVE Published:; 20 March 2024

🔔 Create Firebirdsql Vulnerability Alert

What is CVE-2023-41038?

Firebird, a widely-used relational database, is susceptible to a server crash when certain conditions are met involving the SET BIND statement. Versions 4.0.0 through 4.0.3 and 5.0 beta1 can experience stack corruption if a non-privileged user sends a command with an excessively long CHAR length. The result is an unexpected server crash, potentially disrupting services for users relying on the database. Fixes for these issues are available in versions 4.0.4.2981 and 5.0.0.117, with no documented workarounds for the vulnerability.

Affected Version(s)

firebird >= 4.0.0, < 4.0.4.2981 < 4.0.0, 4.0.4.2981

firebird >= 5.0 beta1, < 5.0.0.1176 < 5.0 beta1, 5.0.0.1176

References

https://github.com/FirebirdSQL/firebird/security/advisori...

x_refsource_CONFIRM

https://firebirdsql.org/en/snapshot-builds

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 20, 2024
Vulnerability Reserved
Aug 22, 2023

CVE-2023-41038 Data

JSON