CVE-2013-2492
Published Mar 15, 2013
Last updated 8 years ago
Overview
- Description
- Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 18514, and 2.5.1 through 2.5.3 before 26623, on Windows allows remote attackers to execute arbitrary code via a crafted packet to TCP port 3050, related to a missing size check during extraction of a group number from CNCT information.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-119
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:firebirdsql:firebird:2.1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4826EB91-07FB-4D0A-B4B6-1355903C0F26"
},
{
"criteria": "cpe:2.3:a:firebirdsql:firebird:2.1.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7BC2C727-E1AD-4818-9530-3448162EFD1E"
},
{
"criteria": "cpe:2.3:a:firebirdsql:firebird:2.1.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "90F5B6FC-7D83-4353-A88B-70281BB9C47C"
},
{
"criteria": "cpe:2.3:a:firebirdsql:firebird:2.5.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "861024DD-2FF9-47BF-A553-ED8247BE774D"
},
{
"criteria": "cpe:2.3:a:firebirdsql:firebird:2.5.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BD46C7F4-6551-48E7-9CF1-B1FB5F11F01F"
},
{
"criteria": "cpe:2.3:a:firebirdsql:firebird:2.5.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FD10CD46-ABDE-495A-91DE-AC028FD8927F"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]