oss-sec mailing list archives
CVE Request -- firebird: DoS (NULL pointer dereference) while preparing an empty query with trace enabled
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Wed, 14 Nov 2012 10:28:29 -0500 (EST)
Hello Kurt, Steve, vendors, a denial of service flaw was found in the way the TraceManager of Firebird, a SQL relational database management system, performed preparation of an empty dynamic SQL query. When the trace mode was enabled, a remote, authenticated database user could use this flaw to cause the Firebird server to crash with a NULL pointer dereference. References: [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693210 [2] http://tracker.firebirdsql.org/browse/CORE-3884 [3] https://bugzilla.redhat.com/show_bug.cgi?id=876613 Relevant upstream patch: [4] http://firebird.svn.sourceforge.net/viewvc/firebird?pathrev=54702&revision=54702&view=revision Could you allocate a CVE id for this? Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVE Request -- firebird: DoS (NULL pointer dereference) while preparing an empty query with trace enabled Jan Lieskovsky (Nov 14)