{"id":"CVE-2017-6369","details":"Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a 'system' entrypoint from fbudf.so.","modified":"2026-04-10T04:01:53.316915Z","published":"2017-03-24T10:59:00.207Z","related":["SUSE-SU-2017:1156-1"],"references":[{"type":"ADVISORY","url":"https://usn.ubuntu.com/3929-1/"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/97070"},{"type":"REPORT","url":"http://tracker.firebirdsql.org/browse/CORE-5474"},{"type":"ARTICLE","url":"http://www.debian.org/security/2017/dsa-3824"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/firebirdsql/firebird","events":[{"introduced":"b51e0e35512eb01bf3872288b63eb3e18196d71c"},{"fixed":"a802126cd501f641f00d6cda12d5d9ee3ecda6f5"},{"introduced":"1767a517f9c99ec97160cacb452fdcfd83dca9be"},{"fixed":"19b1a66671449091b87a5f8641b93c86f9f79e34"}],"database_specific":{"versions":[{"introduced":"2.5.0"},{"fixed":"2.5.7"},{"introduced":"3.0.0"},{"fixed":"3.0.2"}]}}],"versions":["R3_0_0","R3_0_1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-6369.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}