[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#693210: server crash on prearing an empty query with tracing enabled

(adding -security to Cc)

-=| Damyan Ivanov, 14.11.2012 11:35:02 +0200 |=-
> Source: firebird2.5
> Version: 2.5.0
> Severity: important
> Tags: upstream fixed-upstream security
> Forwarded: http://tracker.firebirdsql.org/browse/CORE-3884
> With trace enabled, preparing an empty query crashes the server on line 91 of 
> /src/jrd/trace/TraceDSQLHelpers.h, since the dereferenced m_request variable is 
> Tagged as 'security' since this is a remote crash, although it requires a valid 
> user/pass.

This issue has assigned CVE-2012-5529.

Attachment: signature.asc
Description: Digital signature

Reply to: