CVE-2007-4664

Published: Sep 4, 2007Modified: Apr 23, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Unspecified vulnerability in the (1) attach database and (2) create database functionality in Firebird before 2.0.2, when a filename exceeds MAX_PATH_LEN, has unknown impact and attack vectors, aka CORE-1405.

Affected (1)

Products: Firebirdsql: Firebird

Firebirdsql

1 product

Firebird

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Firebirdsql Firebird	Up to 2.0.1

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (20)

http://secunia.com/advisories/26615

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/29501

Source: cve@mitre.org

http://sourceforge.net/project/shownotes.php?release_id=535898

Source: cve@mitre.org

http://tracker.firebirdsql.org/browse/CORE-1405

Source: cve@mitre.org

http://www.debian.org/security/2008/dsa-1529

Source: cve@mitre.org

http://www.firebirdsql.org/index.php?op=files&id=engine_202

Source: cve@mitre.org

http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf

Source: cve@mitre.org

http://www.securityfocus.com/bid/25497

Source: cve@mitre.org

Patch

http://www.vupen.com/english/advisories/2007/3021

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/36359

Source: cve@mitre.org

http://secunia.com/advisories/26615