Unrated severityNVD Advisory· Published Mar 20, 2024· Updated Aug 13, 2024
Server crash when using specific form of SET BIND statement
CVE-2023-41038
Description
Firebird is a relational database. Versions 4.0.0 through 4.0.3 and version 5.0 beta1 are vulnerable to a server crash when a user uses a specific form of SET BIND statement. Any non-privileged user with minimum access to a server may type a statement with a long CHAR length, which causes the server to crash due to stack corruption. Versions 4.0.4.2981 and 5.0.0.117 contain fixes for this issue. No known workarounds are available.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2>=4.0.0, <=4.0.3 and 5.0-beta1+ 1 more
- (no CPE)range: >=4.0.0, <=4.0.3 and 5.0-beta1
- (no CPE)range: >= 4.0.0, < 4.0.4.2981
Patches
Vulnerability mechanics
References
2- firebirdsql.org/en/snapshot-buildsmitrex_refsource_MISC
- github.com/FirebirdSQL/firebird/security/advisories/GHSA-6fv8-8rwr-9692mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.