vulnerability in attach/create database when filename exceeds MAX_PATH_LEN [CORE1405] #1823

Closed
@firebird-automations

Description

Submitted by: @AlexPeshkoff

A vulnerability was reported on the admins list. In yValve, the create/attach calls still have fixed-size buffers of MaxPathLen for the database name, without checks for buffer size. In HEAD, the bug was fixed during regular cleanup.
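
The pattern the report describes (a caller-supplied database name copied into a MaxPathLen-sized buffer) next to a length-checked copy, as an added example that is not Firebird's code. `DB_PATH_MAX`, `copy_db_name` and the status enum are hypothetical names, and treating a length of 0 as "NUL-terminated" is an assumption of this example.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical names for this example; not Firebird identifiers. */
#define DB_PATH_MAX 256   /* stands in for the MaxPathLen mentioned in the issue */

enum db_name_status {
    DB_NAME_OK = 0, DB_NAME_BAD_ARG, DB_NAME_EMPTY,
    DB_NAME_TOO_LONG, DB_NAME_EMBEDDED_NUL
};

/* Unchecked pattern, shown for contrast only (never compiled here):
 *     char path[DB_PATH_MAX];
 *     memcpy(path, name, name_len);    // name_len is caller-controlled
 *     path[name_len] = 0;
 */

/* Copy a caller-supplied database name into a fixed-size buffer.
 * name_len == 0 means "name is NUL-terminated" (assumption of this example).
 * Over-long names are rejected, not truncated, so a long name can never
 * silently resolve to a different, shorter path. */
enum db_name_status copy_db_name(char *dst, size_t dst_size,
                                 const char *name, size_t name_len)
{
    if (dst == NULL || dst_size == 0 || name == NULL)
        return DB_NAME_BAD_ARG;
    dst[0] = '\0';                      /* leave dst empty on every error path */

    if (name_len == 0) {
        /* Bounded scan: stop at the terminator or at the buffer size. */
        size_t n = 0;
        while (n < dst_size && name[n] != '\0')
            n++;
        if (n == dst_size)
            return DB_NAME_TOO_LONG;    /* no terminator fits in dst */
        name_len = n;
    } else {
        if (name_len >= dst_size)
            return DB_NAME_TOO_LONG;    /* one byte is reserved for the NUL */
        if (memchr(name, '\0', name_len) != NULL)
            return DB_NAME_EMBEDDED_NUL;
    }
    if (name_len == 0)
        return DB_NAME_EMPTY;

    memcpy(dst, name, name_len);
    dst[name_len] = '\0';
    return DB_NAME_OK;
}
```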