{"api_version":"1","generated_at":"2026-04-18T04:13:23+00:00","cve":"CVE-2008-0387","urls":{"html":"https://cve.report/CVE-2008-0387","api":"https://cve.report/api/cve/CVE-2008-0387.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2008-0387","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2008-0387"},"summary":{"title":"CVE-2008-0387","description":"Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2008-01-29 02:00:00","updated_at":"2018-10-26 14:19:00"},"problem_types":["CWE-189"],"metrics":[],"references":[{"url":"http://secunia.com/advisories/29501","name":"29501","refsource":"SECUNIA","tags":["Third Party Advisory"],"title":"Debian firebird2 Multiple Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://sourceforge.net/project/shownotes.php?group_id=9028&release_id=570800","name":"http://sourceforge.net/project/shownotes.php?group_id=9028&release_id=570800","refsource":"CONFIRM","tags":["Third Party Advisory"],"title":"Firebird download | SourceForge.net","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/487173/100/0/threaded","name":"20080128 CORE-2007-1219: Firebird Remote Memory Corruption","refsource":"BUGTRAQ","tags":["Third Party Advisory","VDB Entry"],"title":"SecurityFocus","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://securityreason.com/securityalert/3580","name":"3580","refsource":"SREASON","tags":["Third Party Advisory"],"title":"SecurityReason - Firebird Remote Memory Corruption","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/39996","name":"firebird-xdrprotocol-integer-overflow(39996)","refsource":"XF","tags":["Third Party Advisory","VDB Entry"],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.debian.org/security/2008/dsa-1529","name":"DSA-1529","refsource":"DEBIAN","tags":["Third Party Advisory"],"title":"Debian -- Security Information -- DSA-1529-1 firebird","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://tracker.firebirdsql.org/browse/CORE-1681","name":"http://tracker.firebirdsql.org/browse/CORE-1681","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"[#CORE-1681] Garbage data in the incoming remote packet may crash the server - Firebird RDBMS Issue Tracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/27403","name":"27403","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Firebird Relational Database 'protocol.cpp' XDR Protocol Remote Memory Corruption Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://security.gentoo.org/glsa/glsa-200803-02.xml","name":"GLSA-200803-02","refsource":"GENTOO","tags":["Third Party Advisory"],"title":"Firebird: Multiple vulnerabilities — Gentoo Linux Documentation","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/29203","name":"29203","refsource":"SECUNIA","tags":["Third Party Advisory"],"title":"Gentoo update for firebird - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.coresecurity.com/?action=item&id=2095","name":"http://www.coresecurity.com/?action=item&id=2095","refsource":"MISC","tags":["Third Party Advisory"],"title":"Core Security | Cyber Threat Prevention & Identity Governance","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2008-0387","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-0387","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2008","cve_id":"387","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"firebirdsql","cpe5":"firebird","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"387","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"firebirdsql","cpe5":"firebird","cpe6":"2.1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"387","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"firebirdsql","cpe5":"firebird","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"387","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"firebirdsql","cpe5":"firebird","cpe6":"2.1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"387","vulnerable":"1","versionEndIncluding":"1.0.3","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"firebirdsql","cpe5":"firebird","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2008-0387","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"GLSA-200803-02","refsource":"GENTOO","url":"http://security.gentoo.org/glsa/glsa-200803-02.xml"},{"name":"29203","refsource":"SECUNIA","url":"http://secunia.com/advisories/29203"},{"name":"firebird-xdrprotocol-integer-overflow(39996)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/39996"},{"name":"http://www.coresecurity.com/?action=item&id=2095","refsource":"MISC","url":"http://www.coresecurity.com/?action=item&id=2095"},{"name":"http://sourceforge.net/project/shownotes.php?group_id=9028&release_id=570800","refsource":"CONFIRM","url":"http://sourceforge.net/project/shownotes.php?group_id=9028&release_id=570800"},{"name":"20080128 CORE-2007-1219: Firebird Remote Memory Corruption","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/487173/100/0/threaded"},{"name":"29501","refsource":"SECUNIA","url":"http://secunia.com/advisories/29501"},{"name":"3580","refsource":"SREASON","url":"http://securityreason.com/securityalert/3580"},{"name":"27403","refsource":"BID","url":"http://www.securityfocus.com/bid/27403"},{"name":"http://tracker.firebirdsql.org/browse/CORE-1681","refsource":"CONFIRM","url":"http://tracker.firebirdsql.org/browse/CORE-1681"},{"name":"DSA-1529","refsource":"DEBIAN","url":"http://www.debian.org/security/2008/dsa-1529"}]}},"nvd":{"publishedDate":"2008-01-29 02:00:00","lastModifiedDate":"2018-10-26 14:19:00","problem_types":["CWE-189"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:C","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE","baseScore":7.8},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*","versionEndIncluding":"1.0.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.0.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:firebirdsql:firebird:2.1.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*","versionStartIncluding":"1.5","versionEndExcluding":"1.5.6","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2008","CveId":"387","Ordinal":"30256","Title":"CVE-2008-0387","CVE":"CVE-2008-0387","Year":"2008"},"notes":[{"CveYear":"2008","CveId":"387","Ordinal":"1","NoteData":"Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption.","Type":"Description","Title":null},{"CveYear":"2008","CveId":"387","Ordinal":"2","NoteData":"2008-01-28","Type":"Other","Title":"Published"},{"CveYear":"2008","CveId":"387","Ordinal":"3","NoteData":"2018-10-15","Type":"Other","Title":"Modified"}]}}}