ID CVE-2012-5529
Summary TraceManager in Firebird 2.5.0 and 2.5.1, when trace is enabled, allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by preparing an empty dynamic SQL query.
References
Vulnerable Configurations
  • firebirdsql firebird 2.5.0
    cpe:2.3:a:firebirdsql:firebird:2.5.0
  • firebirdsql firebird 2.5.1
    cpe:2.3:a:firebirdsql:firebird:2.5.1
CVSS
Base: 3.5 (as of 20-11-2012 - 11:06)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
Vector NETWORK
Complexity MEDIUM
Authentication SINGLE_INSTANCE
Impact
Confidentiality NONE
Integrity NONE
Availability PARTIAL
nessus via4
NASL family Debian Local Security Checks
NASL id DEBIAN_DSA-2648.NASL
description A buffer overflow was discovered in the Firebird database server, which could result in the execution of arbitrary code. In addition, a denial of service vulnerability was discovered in the TraceManager.
last seen 2019-02-21
modified 2018-11-10
plugin id 65582
published 2013-03-16
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=65582
title Debian DSA-2648-1 : firebird2.5 - several vulnerabilities
refmap via4
bid 56521
confirm http://tracker.firebirdsql.org/browse/CORE-3884
debian DSA-2648
mlist
  • [oss-security] 20121114 CVE Request -- firebird: DoS (NULL pointer dereference) while preparing an empty query with trace enabled
  • [oss-security] 20121114 Re: CVE Request -- firebird: DoS (NULL pointer dereference) while preparing an empty query with trace enabled
sectrack 1027769
xf firebird-tracedsqlprepareprepare-dos(80073)
Last major update 14-05-2013 - 23:32
Published 19-11-2012 - 19:55
Last modified 28-08-2017 - 21:32