CVE-2014-9323

Firebird < 2.1.7 and 2.5.x < 2.5.3 SU1 - Denial of Service via op_response Action

Title source: llm

Description

The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status.

References (7)

Core References
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2014/dsa-3109
Broken Link vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2015:172
Exploit, Vendor Advisory x_refsource_confirm
http://tracker.firebirdsql.org/browse/CORE-4630
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00012.html
Third Party Advisory x_refsource_confirm
http://advisories.mageia.org/MGASA-2014-0523.html
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3929-1/

Scores

EPSS 0.0290
EPSS Percentile 85.2%

Details

CWE CWE-476
Status published
Products (5)
canonical/ubuntu_linux 14.04
debian/debian_linux 7.0
debian/debian_linux 8.0
firebirdsql/firebird < 2.1.7
opensuse/evergreen 11.4
Published Dec 16, 2014
Tracked Since Feb 18, 2026