ALT-PU-2024-11809-2

Package update firebird in branch sisyphus

Version4.0.5-alt1

Published2026-02-04

Max severityHIGH

Severity:

Closed issues (2)

HIGH7.5

Уязвимость системы управления базами данных Firebird, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2024-03-26Modified: 2024-05-27

CVSS 3.xHIGH 7.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0HIGH 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:C

References

CVE-2023-41038

HIGH7.5

Firebird is a relational database. Versions 4.0.0 through 4.0.3 and version 5.0 beta1 are vulnerable to a server crash when a user uses a specific form of SET BIND statement. Any non-privileged user with minimum access to a server may type a statement with a long `CHAR` length, which causes the server to crash due to stack corruption. Versions 4.0.4.2981 and 5.0.0.117 contain fixes for this issue. No known workarounds are available.

Published: 2024-03-20Modified: 2025-12-03

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

Closed bugs (1)

message file /var/lib/firebird/system/firebird.msg not found