CVE-2023-41038
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Mar 20, 2024
CWE ID 770
Summary
CVE-2023-41038 is a server crash vulnerability affecting Firebird database versions 4.0.0 through 4.0.3 and 5.0 beta1. A non-privileged user can exploit it with a maliciously crafted `SET BIND` statement that specifies an abnormally long `CHAR` length, which corrupts the stack and crashes the server. The issue is fixed in versions 4.0.4.2981 and 5.0.0.117; no workarounds are currently available.