VDB
CVE-2008-0387
CVE-2008-0387
PUBLISHED
CVSS 7.800000190734863 HIGH
Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption.
EPSS 59.91% · 98.3th percentile
Risk Scores
CVSS 2.0
7.800000190734863
EPSS Score
59.91%
98.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| firebirdsql | firebird | 0, 1.5, 2.0.0 |
| n/a | n/a | n/a |
Timeline
- Jan 29, 2008 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 1, 2022 CVE Updated
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- GLSA-200803-02 vendor-advisory
- 29203 third-party-advisory
- firebird-xdrprotocol-integer-overflow(39996) vdb
- http://www.coresecurity.com/?action=item&id=2095 url
- http://sourceforge.net/project/shownotes.php?group_id=9028&release_id=570800 url
- 20080128 CORE-2007-1219: Firebird Remote Memory Corruption mailing-list
- 29501 third-party-advisory
- 3580 third-party-advisory
- 27403 vdb
- http://tracker.firebirdsql.org/browse/CORE-1681 url
- DSA-1529 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2008-0387 advisory