Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-41038

Firebird is a relational database. Versions 4.0.0 through 4.0.3 and version 5.0 beta1 are vulnerable to a server crash when a user uses a specific form of SET BIND statement. Any non-privileged user with minimum access to a server may type a statement with a long `CHAR` length, which causes the server to crash due to stack corruption. Versions 4.0.4.2981 and 5.0.0.117 contain fixes for this issue. No known workarounds are available.

Published

2024-03-20T15:15:07.290

Last Modified

2025-12-03T20:03:05.223

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-770

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	firebirdsql	firebird	≤ 4.0.3	Yes
Application	firebirdsql	firebird	5.0	Yes

References

https://firebirdsql.org/en/snapshot-builds Product ([email protected])
https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6fv8-8rwr-9692 Vendor Advisory ([email protected])
https://firebirdsql.org/en/snapshot-builds Product (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6fv8-8rwr-9692 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)