CVE-2017-6369
HIGH8.8EPSS 8.9%firebird2.5 - security update
Published: 3/24/2017Modified: 3/9/2026
Description
Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a 'system' entrypoint from fbudf.so.
Affected packages (3)
- Debian/firebird2.5from 0, < 2.5.2.26540.ds4-1~deb7u3
- Debian/firebird2.5from 0, < 2.5.3.26778.ds4-5+deb8u1
- Debian/firebird3.0from 0, < 3.0.1.32609.ds4-14
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |