Vulnerability Details : CVE-2008-0387
Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption.
Vulnerability category: Overflow, Memory Corruption, Execute code
Products affected by CVE-2008-0387
- cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*
- cpe:2.3:a:firebirdsql:firebird:2.1.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-0387
- EPSS score: 94.85% (probability of exploitation activity in the next 30 days)
- Percentile: ~99% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2008-0387
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C | 10.0 | 6.9 | NIST | |
CWE ids for CVE-2008-0387
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-0387
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39996 (Third Party Advisory; VDB Entry)
- http://www.debian.org/security/2008/dsa-1529 (Third Party Advisory)
- http://www.securityfocus.com/bid/27403 (Third Party Advisory; VDB Entry)
- http://www.coresecurity.com/?action=item&id=2095 (Third Party Advisory)
- http://tracker.firebirdsql.org/browse/CORE-1681 (Vendor Advisory)
- http://www.securityfocus.com/archive/1/487173/100/0/threaded (Third Party Advisory; VDB Entry)
- http://security.gentoo.org/glsa/glsa-200803-02.xml (Third Party Advisory)
- http://securityreason.com/securityalert/3580 (Third Party Advisory)
- http://sourceforge.net/project/shownotes.php?group_id=9028&release_id=570800 (Third Party Advisory)