CVE-2014-9323
Firebird < 2.1.7 and 2.5.x < 2.5.3 SU1 - Denial of Service via op_response Action
The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status.
References (7)
Core References
[Third Party Advisory; vendor-advisory; x_refsource_debian] http://www.debian.org/security/2014/dsa-3109
[Vendor Advisory; x_refsource_confirm] http://www.firebirdsql.org/en/news/security-updates-for-v2-1-and-v2-5-series-66011/
[Broken Link; vendor-advisory; x_refsource_mandriva] http://www.mandriva.com/security/advisories?name=MDVSA-2015:172
[Exploit, Vendor Advisory; x_refsource_confirm] http://tracker.firebirdsql.org/browse/CORE-4630
[Mailing List, Third Party Advisory; vendor-advisory; x_refsource_suse] http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00012.html
[Third Party Advisory; x_refsource_confirm] http://advisories.mageia.org/MGASA-2014-0523.html
[Third Party Advisory; vendor-advisory; x_refsource_ubuntu] https://usn.ubuntu.com/3929-1/
Scores
EPSS: 0.0290
EPSS Percentile: 85.2%
Details
CWE: CWE-476
Status: published
Products (5)
canonical/ubuntu_linux: 14.04
debian/debian_linux: 7.0
debian/debian_linux: 8.0
firebirdsql/firebird: < 2.1.7
opensuse/evergreen: 11.4
Published: Dec 16, 2014
Tracked Since: Feb 18, 2026