1. CVE-Search
  2. CVE-2012-5529
ID CVE-2012-5529
Summary TraceManager in Firebird 2.5.0 and 2.5.1, when trace is enabled, allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by preparing an empty dynamic SQL query.
References
Vulnerable Configurations
  • cpe:2.3:a:firebirdsql:firebird:2.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:firebirdsql:firebird:2.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:firebirdsql:firebird:2.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:firebirdsql:firebird:2.5.1:*:*:*:*:*:*:*
CVSS
Base: 3.5 (as of 29-08-2017 - 01:32)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM SINGLE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:S/C:N/I:N/A:P
refmap via4
bid 56521
confirm http://tracker.firebirdsql.org/browse/CORE-3884
debian DSA-2648
mlist
  • [oss-security] 20121114 CVE Request -- firebird: DoS (NULL pointer dereference) while preparing an empty query with trace enabled
  • [oss-security] 20121114 Re: CVE Request -- firebird: DoS (NULL pointer dereference) while preparing an empty query with trace enabled
sectrack 1027769
xf firebird-tracedsqlprepareprepare-dos(80073)
Last major update 29-08-2017 - 01:32
Published 20-11-2012 - 00:55
Last modified 29-08-2017 - 01:32
Back to Top