CVE-2017-6369
HIGHFirebird 2.5.0-2.5.6 - Authenticated Remote Code Execution via UDF Subsystem
Title source: llmDescription
Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a 'system' entrypoint from fbudf.so.
References (4)
Core 4
Core References
Mailing List vendor-advisory
x_refsource_debian
http://www.debian.org/security/2017/dsa-3824
Issue Tracking, Vendor Advisory x_refsource_confirm
http://tracker.firebirdsql.org/browse/CORE-5474
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/97070
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3929-1/
Scores
CVSS v3
8.8
EPSS
0.0327
EPSS Percentile
86.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-862
Status
published
Products (1)
firebirdsql/firebird
2.5.0 - 2.5.7
Published
Mar 24, 2017
Tracked Since
Feb 18, 2026