Possible buffer overflow in client library
------------------------------------------

                 Key: CORE-6432
                 URL: http://tracker.firebirdsql.org/browse/CORE-6432
             Project: Firebird Core
          Issue Type: Bug
          Components: API / Client Library
    Affects Versions: 3.0.7, 3.0.6, 4.0 Beta 2, 3.0.5, 2.5.9, 4.0 Beta 1, 
3.0.4, 3.0.3, 4.0 Alpha 1, 3.0.2, 3.0.1, 3.0.0, 4.0 Initial
            Reporter: Alexander Peshkov


The loop in merge.cpp:72 expects the `in` buffer to eventually contain either 
isc_info_end, isc_info_truncated or isc_info_implementation, and will otherwise 
read out of buffer bounds with good chance for access violation.

With correctly working providers chances to get that error are very low, but it 
can happen in case of bug in provider (on server) or malware server replacement 
(on client).



-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://tracker.firebirdsql.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        


Firebird-Devel mailing list, web interface at 
https://lists.sourceforge.net/lists/listinfo/firebird-devel

Reply via email to