USN-3929-1: Firebird vulnerabilities

02 April 2019

firebird2.5 vulnerabilities

Releases

Packages

  • firebird2.5 - A full-featured, open source SQL database derived from Borland InterBase 6.0

Details

It was discovered that Firebird incorrectly handled certain malformed
packets. A remote attacker could possibly use this issue with a specially
crafted network packet to cause Firebird to crash, resulting in a denial of
service.
(CVE-2014-9323)

It was discovered that Firebird incorrectly handled certain UDF libraries.
A remote attacker could possibly use this issue to execute arbitrary code.
(CVE-2017-6369)