CVE-2008-0387

Name: CVE-2008-0387
Description: Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DSA-1529-1
Debian Bugs: 460048

The information below is based on the following data on fixed versions.

Package      Type    Release     Fixed Version              Urgency  Origin  Debian Bugs
firebird2    source  (unstable)  (unfixed)
firebird2.0  source  lenny       2.0.3.12981.ds1-1+lenny1
firebird2.0  source  (unstable)  2.0.3.12981.ds1-4                           460048

Notes

[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
