Unrated severityNVD Advisory· Published Mar 20, 2024· Updated Aug 13, 2024

Server crash when using specific form of SET BIND statement

CVE-2023-41038

Description

Firebird is a relational database. Versions 4.0.0 through 4.0.3 and version 5.0 beta1 are vulnerable to a server crash when a user uses a specific form of SET BIND statement. Any non-privileged user with minimum access to a server may type a statement with a long CHAR length, which causes the server to crash due to stack corruption. Versions 4.0.4.2981 and 5.0.0.117 contain fixes for this issue. No known workarounds are available.

Affected products

Firebirdsql/Firebirdv5
Range: >= 4.0.0, < 4.0.4.2981

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

firebirdsql.org/en/snapshot-buildsmitrex_refsource_MISC
github.com/FirebirdSQL/firebird/security/advisories/GHSA-6fv8-8rwr-9692mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000