CVE-2023-41038
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-41038
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-41038.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-41038
- Aliases
-
- GHSA-6fv8-8rwr-9692
- Downstream
- Published
- 2024-03-20T14:22:50Z
- Modified
- 2025-10-30T20:22:35.872071Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Server crash when using specific form of SET BIND statement
- Details
-
Firebird is a relational database. Versions 4.0.0 through 4.0.3 and version 5.0 beta1 are vulnerable to a server crash when a user uses a specific form of SET BIND statement. Any non-privileged user with minimum access to a server may type a statement with a long
CHARlength, which causes the server to crash due to stack corruption. Versions 4.0.4.2981 and 5.0.0.117 contain fixes for this issue. No known workarounds are available. - Database specific
{ "cwe_ids": [ "CWE-770" ] }- References