What is CVE-2013-2492?

CVE-2013-2492 is a vulnerability in Firebirdsql Firebird, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2013-03-15.

Is CVE-2013-2492 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Firebirdsql Firebird

CVE-2013-2492

Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 18514, and 2.5.1 through 2.5.3 before 26623, on Windows allows remote attackers to execute arbitrary code via a crafted packet to TCP port 3050, related to a missing size c…

Vulnerability class: Buffer Overflow

EPSS: 0.867 (99.4th percentile) — read the EPSS interpretation.

Affected products

Firebirdsql Firebird — versions 2.1.3, 2.1.4, 2.1.5
Microsoft Windows
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

rapid7/metasploit-framework

References

GLSA-201512-11 (vendor-advisory, x_refsource_GENTOO)
cve@mitre.org (Exploit, x_refsource_MISC)
openSUSE-SU-2013:0496 (vendor-advisory, x_refsource_SUSE)
cve@mitre.org (Exploit, x_refsource_MISC)
58393 (vdb-entry, x_refsource_BID)
DSA-2648 (vendor-advisory, x_refsource_DEBIAN)
cve@mitre.org (x_refsource_CONFIRM, Exploit, Vendor Advisory)
openSUSE-SU-2013:0504 (vendor-advisory, x_refsource_SUSE)
DSA-2647 (vendor-advisory, x_refsource_DEBIAN)

Frequently asked questions

What is CVE-2013-2492?: CVE-2013-2492 is a vulnerability in Firebirdsql Firebird, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2013-03-15.
Is CVE-2013-2492 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.