Name | CVE-2014-9323 |
Description | The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
References | DLA-123-1, DLA-130-1, DSA-3109-1 |
Debian Bugs | 772880 |
The information below is based on the following data on fixed versions.
Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
---|---|---|---|---|---|---|
firebird2.1 | source | squeeze | 2.1.3.18185-0.ds1-11+squeeze2 | | DLA-130-1 | |
firebird2.1 | source | (unstable) | (unfixed) | | | |
firebird2.5 | source | squeeze | 2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze2 | | DLA-123-1 | |
firebird2.5 | source | wheezy | 2.5.2.26540.ds4-1~deb7u2 | | DSA-3109-1 | |
firebird2.5 | source | (unstable) | 2.5.3.26778.ds4-5 | | | 772880 |
http://sourceforge.net/p/firebird/code/60331
http://tracker.firebirdsql.org/browse/CORE-4630