Vulnerability Details CVE-2023-41038
Firebird is a relational database. Versions 4.0.0 through 4.0.3 and version 5.0 beta1 are vulnerable to a server crash when a user uses a specific form of SET BIND statement. Any non-privileged user with minimum access to a server may type a statement with a long `CHAR` length, which causes the server to crash due to stack corruption. Versions 4.0.4.2981 and 5.0.0.117 contain fixes for this issue. No known workarounds are available.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.7%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2023-41038
-
cpe:2.3:a:firebirdsql:firebird:4.0.0
-
cpe:2.3:a:firebirdsql:firebird:4.0.1
-
cpe:2.3:a:firebirdsql:firebird:4.0.2
-
cpe:2.3:a:firebirdsql:firebird:4.0.3
-
cpe:2.3:a:firebirdsql:firebird:5.0