An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement.
References
Link | Resource |
---|---|
https://lists.debian.org/debian-lts-announce/2018/05/msg00005.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2020/02/msg00036.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2021/11/msg00018.html | Mailing List Third Party Advisory |
https://www.tenable.com/security/research/tra-2017-36 | Exploit Mitigation Third Party Advisory |
Configurations
History
23 Nov 2021, 22:14
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2020/02/msg00036.html - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2021/11/msg00018.html - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
20 Nov 2021, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2018-03-28 17:29
Updated : 2024-02-04 19:46
NVD link : CVE-2017-11509
Mitre link : CVE-2017-11509
CVE.ORG link : CVE-2017-11509
JSON object : View
Products Affected
debian
- debian_linux
firebirdsql
- firebird
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')