Here is the description for CVE-2017-11509 An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement. The only known solution is to disable external UDF libraries from being loaded. In order to achieve this, the default configuration has changed to UdfAccess=None. This will prevent the fbudf module from … Continue reading Firebird fbudf Module Authenticated Remote Code Execution