← back
CVE-2013-2492

CVE-2013-2492

EPSS 42.2%
Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 18514, and 2.5.1 through 2.5.3 before 26623, on Windows allows remote attackers to execute arbitrary code via a crafted packet to TCP port 3050, related to a missing size check during extraction of a group number from CNCT information.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/41709unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00036.htmlhttp://lists.opensuse.org/opensuse-security-announce/2013-03/msg00039.htmlhttps://gist.github.com/zeroSteiner/85daef257831d904479chttps://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/fb_cnct_group.rbhttps://security.gentoo.org/glsa/201512-11http://tracker.firebirdsql.org/browse/CORE-4058http://www.debian.org/security/2013/dsa-2647http://www.debian.org/security/2013/dsa-2648http://www.securityfocus.com/bid/58393