VYPR
Unrated severity · NVD Advisory · Published Mar 20, 2024 · Updated Aug 13, 2024

Server crash when using specific form of SET BIND statement

CVE-2023-41038

Description

Firebird is a relational database. Versions 4.0.0 through 4.0.3 and version 5.0 beta1 are vulnerable to a server crash when a user uses a specific form of SET BIND statement. Any non-privileged user with minimum access to a server may type a statement with a long CHAR length, which causes the server to crash due to stack corruption. Versions 4.0.4.2981 and 5.0.0.117 contain fixes for this issue. No known workarounds are available.

Affected products

2
  • Firebirdsql/Firebird (2 versions)
    • (no CPE) range: >=4.0.0, <=4.0.3 and 5.0-beta1
    • (no CPE) range: >=4.0.0, <4.0.4.2981
