CVE-2013-2492

Name: CVE-2013-2492
Creator: NVD / NIST
Published: 2013-03-15T22:55:01.003+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 42.17%

Last modified Jun 16, 2026

CVE-2013-2492 is a vulnerability of currently unknown severity. Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 18514, and 2.5.1 through 2.5.3 before 26623, on Windows allows remote attackers to execute arbitrary code via a crafted packet to TCP port 3050, related to a missing size check during extraction of a group number from CNCT information.. EPSS estimates a 42.17% chance of exploitation in the next 30 days.

Description

Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 18514, and 2.5.1 through 2.5.3 before 26623, on Windows allows remote attackers to execute arbitrary code via a crafted packet to TCP port 3050, related to a missing size check during extraction of a group number from CNCT information.

Metrics

EPSS Probability

42.17%

98.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-119

Affected Software

Vendor	Product	Versions
Firebirdsql	Firebird	2.1.3
Firebirdsql	Firebird	2.1.4
Firebirdsql	Firebird	2.1.5
Firebirdsql	Firebird	2.5.1
Firebirdsql	Firebird	2.5.2
Firebirdsql	Firebird	2.5.3

References

Timeline

Published: Mar 15, 2013
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2013-2492?

How severe is CVE-2013-2492?

Severity scoring for CVE-2013-2492 is pending analysis. The EPSS model estimates a 42.17% probability of exploitation in the next 30 days.

How do I fix CVE-2013-2492?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2013-2492?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST