Closed
Description
Submitted by: @ibprovider
Attachments:
crash.cpp
Sending malformed packet to the server (op = op_response with any non-empty status vector data) instead expected op_connect makes server try to write data at NULL address cause NULL pointer to status vector is passed to xdr_status_vector() function. This attack does not require login to server.
All Firebird versions except v3.0 are affected.
Commits: 4db617f 256b95e d310e46 FirebirdSQL/fbt-repository@f588ffa FirebirdSQL/fbt-repository@02cfa8f