CVE-2007-3527

Integer overflow in Firebird 2.0.0 allows remote authenticated users to cause a denial of service (CPU consumption) via certain database operations with multi-byte character sets that trigger an attempt to use the value 65536 for a 16-bit integer, which is treated as 0 and causes an infinite loop on zero-length data.

Published: Jul 3, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-3527
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:L/Au:S/C:N/I:N/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
firebirdsql / firebird	2.0.0	2.0.0.x

http://osvdb.org/43782
http://secunia.com/advisories/29501
http://tracker.firebirdsql.org/browse/CORE-1063
http://www.debian.org/security/2008/dsa-1529
http://www.firebirdsql.org/rlsnotes/Firebird-2.0.1-ReleaseNotes.pdf
http://www.securityfocus.com/bid/28473

Vulnerability Database

289,697

CVE-2007-3527