Segfault in server caused by malformed network packet CVE-2014-9323 [CORE4630] #4944

Closed
@firebird-automations

Description

Submitted by: @ibprovider

Attachments:
crash.cpp

Sending a malformed packet to the server (op = op_response with any non-empty status vector data) instead of the expected op_connect makes the server try to write data at a NULL address, because a NULL pointer to the status vector is passed to the xdr_status_vector() function. This attack does not require login to the server.

All Firebird versions except v3.0 are affected.

Commits: 4db617f 256b95e d310e46 FirebirdSQL/fbt-repository@f588ffa FirebirdSQL/fbt-repository@02cfa8f
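
The two checks that close this class of bug, as an added example: a simplified model written for this page, not Firebird's code and not the content of the commits above. Only the names op_connect and op_response come from the report; the struct, the state enum, the function names, the numeric opcode values and the vector capacity are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Opcode names are from the report; the numeric values are constructed for this model. */
enum { op_connect = 1, op_response = 9 };
enum { STATUS_SLOTS = 20 };                 /* assumed capacity of a status vector */
typedef enum { ST_AWAIT_CONNECT, ST_CONNECTED } port_state;   /* hypothetical */

/* Hypothetical, already-parsed packet: only the fields this model needs. */
typedef struct {
    int32_t        operation;
    const int32_t *wire_status;     /* status words taken from the wire */
    size_t         wire_status_len;
    int32_t       *status_vector;   /* destination; NULL when no request is outstanding */
} packet;

/* Stand-in for the status-vector decode step: refuse a NULL destination and
 * an over-long vector instead of writing through the pointer. Returns 0 or -1. */
int decode_status_vector(int32_t *dest, const int32_t *src, size_t n)
{
    if (dest == NULL || n > STATUS_SLOTS || (src == NULL && n != 0))
        return -1;
    if (n != 0)
        memcpy(dest, src, n * sizeof *src);
    return 0;
}

/* Receive path: an unauthenticated port accepts op_connect only, so a leading
 * op_response is dropped before any decode. Returns 0 if accepted, -1 if rejected. */
int server_receive(port_state *state, const packet *p)
{
    if (*state == ST_AWAIT_CONNECT) {
        if (p->operation != op_connect)
            return -1;
        *state = ST_CONNECTED;
        return 0;
    }
    if (p->operation == op_response)
        return decode_status_vector(p->status_vector, p->wire_status,
                                    p->wire_status_len);
    return 0;   /* other operations are outside this model */
}
```

Either check alone stops the crash described in the report; keeping both means a later change to the state handling cannot reintroduce the NULL write.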