CVE-2017-6369
HIGH8.8EPSS 8.9%firebird2.5 - security update
發布日:2017/3/24修改日:2026/4/28
描述
Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a 'system' entrypoint from fbudf.so.
受影響套件(3)
- Debian/firebird2.5from 0, < 2.5.2.26540.ds4-1~deb7u3
- Debian/firebird2.5from 0, < 2.5.3.26778.ds4-5+deb8u1
- Debian/firebird3.0from 0, < 3.0.1.32609.ds4-14
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |