Bug 2388792 (CVE-2025-24975)
| Summary: | CVE-2025-24975 firebirdsql: Firebird Access Bypass | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | Keywords: | Security |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw has been discovered in the Firebird SQL project that can lead to an access bypass. If connections stored in the ExtConnPool are not properly verified for the CryptCallback interface upon creation, it could cause a server process segmentation fault.
This vulnerability could allow an attachment to access an encrypted database without the required key if the database was previously accessed by an execute statement on external command. The segmentation fault, which could also affect unencrypted databases, can be triggered when a chain of execute statements is used.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2388809, 2388811, 2388813, 2388815 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2025-08-15 16:01:43 UTC
|