Your submission was sent successfully! Close


Published: 24 March 2017

Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a 'system' entrypoint from

From the Ubuntu security team

It was discovered that Firebird exposed certain UDF libraries. An authenticated attacker could use this issue to execute arbitrary code.



CVSS 3 base score: 8.8


Package Release Status
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

disco Does not exist

eoan Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

precise Does not exist
(precise was needed)
Released (
upstream Needs triage

xenial Ignored
(end of standard support, was needed)
yakkety Ignored
(reached end-of-life)
zesty Does not exist

Launchpad, Ubuntu, Debian
artful Ignored
(reached end-of-life)
bionic Not vulnerable
cosmic Not vulnerable
disco Not vulnerable
eoan Not vulnerable
focal Not vulnerable
groovy Not vulnerable
hirsute Not vulnerable
impish Not vulnerable
jammy Not vulnerable
precise Does not exist

trusty Does not exist

Released (
xenial Does not exist

yakkety Does not exist

zesty Ignored
(reached end-of-life)