Firebird Denial-of-Service Vulnerability in Clumplet Parsing

A denial-of-service vulnerability has been identified in Firebird, an open-source relational database management system. This issue affects versions prior to 5.0.4, 4.0.7, and 3.0.14. The vulnerability arises in the ClumpletReader::getClumpletSize() function, where improper handling of 'Wide' type clumplets can lead to an overflow of the totalLength variable, causing an infinite loop. An authenticated user with INSERT privileges on any table can exploit this by sending a crafted Batch Parameter Block, leading to a server hang.

Impact

Exploitation of this vulnerability causes the Firebird server to hang, creating a denial-of-service condition.

Reproduction

To reproduce this vulnerability, an authenticated user with INSERT privileges on a table can create a batch request that includes a specially crafted Batch Parameter Block designed to exploit the clumplet parsing function. This can be done using a C++ program that sends the crafted batch parameter to the server, causing it to enter an infinite loop and become unresponsive.

Remediation

Users can upgrade to Firebird versions 5.0.4, 4.0.7, or 3.0.14 to address this vulnerability.