Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
129 vulnerabilities found for firebird by FirebirdSQL
CVE-2026-40342 (GCVE-0-2026-40342)
Vulnerability from nvd – Published: 2026-04-17 19:22 – Updated: 2026-04-17 19:22
VLAI?
Title
Firebird: Path Traversal + Arbitrary File Write Leads to Remote Code Execution
Summary
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates a user-supplied engine name into a filesystem path without filtering path separators or .. components. An authenticated user with CREATE FUNCTION privileges can use a crafted ENGINE name to load an arbitrary shared library from anywhere on the filesystem via path traversal. The library's initialization code executes immediately during loading, before Firebird validates the module, achieving code execution as the server's OS account. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
Severity ?
10 (Critical)
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
< 3.0.14
Affected: >= 4.0.0, < 4.0.7 Affected: >= 5.0.0, < 5.0.4 |
{
"containers": {
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003c 3.0.14"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.7"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates a user-supplied engine name into a filesystem path without filtering path separators or .. components. An authenticated user with CREATE FUNCTION privileges can use a crafted ENGINE name to load an arbitrary shared library from anywhere on the filesystem via path traversal. The library\u0027s initialization code executes immediately during loading, before Firebird validates the module, achieving code execution as the server\u0027s OS account. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73: External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T19:22:46.644Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7pxc-h3rv-r257",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7pxc-h3rv-r257"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"
}
],
"source": {
"advisory": "GHSA-7pxc-h3rv-r257",
"discovery": "UNKNOWN"
},
"title": "Firebird: Path Traversal + Arbitrary File Write Leads to Remote Code Execution"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-40342",
"datePublished": "2026-04-17T19:22:46.644Z",
"dateReserved": "2026-04-10T22:50:01.358Z",
"dateUpdated": "2026-04-17T19:22:46.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-35215 (GCVE-0-2026-35215)
Vulnerability from nvd – Published: 2026-04-17 18:59 – Updated: 2026-04-17 18:59
VLAI?
Title
Firebird: DoS via malicious slice descriptor in slice packet
Summary
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdl_desc() function does not validate the length of a decoded SDL descriptor from a slice packet. A zero-length descriptor is later used to calculate the number of slice items, causing a division by zero. An unauthenticated attacker can exploit this by sending a crafted slice packet to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
Severity ?
7.5 (High)
CWE
- CWE-369 - Divide By Zero
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
>= 3.0.0, < 3.0.14
Affected: >= 4.0.0, < 4.0.7 Affected: >= 5.0.0, < 5.0.4 |
{
"containers": {
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.14"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.7"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdl_desc() function does not validate the length of a decoded SDL descriptor from a slice packet. A zero-length descriptor is later used to calculate the number of slice items, causing a division by zero. An unauthenticated attacker can exploit this by sending a crafted slice packet to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369: Divide By Zero",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T18:59:23.663Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-g99w-prq5-29c6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-g99w-prq5-29c6"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"
}
],
"source": {
"advisory": "GHSA-g99w-prq5-29c6",
"discovery": "UNKNOWN"
},
"title": "Firebird: DoS via malicious slice descriptor in slice packet"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-35215",
"datePublished": "2026-04-17T18:59:23.663Z",
"dateReserved": "2026-04-01T18:48:58.937Z",
"dateUpdated": "2026-04-17T18:59:23.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-34232 (GCVE-0-2026-34232)
Vulnerability from nvd – Published: 2026-04-17 18:52 – Updated: 2026-04-17 18:52
VLAI?
Title
Firebird: DoS via `op_response` packet from client
Summary
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the xdr_status_vector() function does not handle the isc_arg_cstring type when decoding an op_response packet, causing a server crash when one is encountered in the status vector. An unauthenticated attacker can exploit this by sending a crafted op_response packet to the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
Severity ?
7.5 (High)
CWE
- CWE-228 - Improper Handling of Syntactically Invalid Structure
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
>= 3.0.0, < 3.0.14
Affected: >= 4.0.0, < 4.0.7 Affected: >= 5.0.0, < 5.0.4 |
{
"containers": {
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.14"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.7"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the xdr_status_vector() function does not handle the isc_arg_cstring type when decoding an op_response packet, causing a server crash when one is encountered in the status vector. An unauthenticated attacker can exploit this by sending a crafted op_response packet to the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-228",
"description": "CWE-228: Improper Handling of Syntactically Invalid Structure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T18:52:11.693Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7jq3-6j3c-5cm2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7jq3-6j3c-5cm2"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"
}
],
"source": {
"advisory": "GHSA-7jq3-6j3c-5cm2",
"discovery": "UNKNOWN"
},
"title": "Firebird: DoS via `op_response` packet from client"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-34232",
"datePublished": "2026-04-17T18:52:11.693Z",
"dateReserved": "2026-03-26T16:22:29.034Z",
"dateUpdated": "2026-04-17T18:52:11.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33337 (GCVE-0-2026-33337)
Vulnerability from nvd – Published: 2026-04-17 18:48 – Updated: 2026-04-17 19:21
VLAI?
Title
Firebird has a buffer overflow when parsing corrupted slice packets
Summary
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdr_datum() function does not validate that a cstring length conforms to the slice descriptor bounds, allowing a cstring longer than the allocated buffer to overflow it. An unauthenticated attacker can exploit this by sending a crafted packet to the server, potentially causing a crash or other security impact. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
Severity ?
7.5 (High)
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
>= 3.0.0, < 3.0.14
Affected: >= 4.0.0, < 4.0.7 Affected: >= 5.0.0, < 5.0.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33337",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-17T19:21:08.979325Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T19:21:17.132Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.14"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.7"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdr_datum() function does not validate that a cstring length conforms to the slice descriptor bounds, allowing a cstring longer than the allocated buffer to overflow it. An unauthenticated attacker can exploit this by sending a crafted packet to the server, potentially causing a crash or other security impact. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T18:48:47.953Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-89mq-229g-x47p",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-89mq-229g-x47p"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"
}
],
"source": {
"advisory": "GHSA-89mq-229g-x47p",
"discovery": "UNKNOWN"
},
"title": "Firebird has a buffer overflow when parsing corrupted slice packets"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33337",
"datePublished": "2026-04-17T18:48:47.953Z",
"dateReserved": "2026-03-18T22:15:11.812Z",
"dateUpdated": "2026-04-17T19:21:17.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28224 (GCVE-0-2026-28224)
Vulnerability from nvd – Published: 2026-04-17 18:38 – Updated: 2026-04-17 19:31
VLAI?
Title
Firebird Null Pointer Dereference via CryptCallback causes DOS
Summary
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an op_crypt_key_callback packet without prior authentication, the port_server_crypt_callback handler is not initialized, resulting in a null pointer dereference and server crash. An unauthenticated attacker who knows only the server's IP and port can exploit this to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
Severity ?
8.2 (High)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
>= 3.0.0, < 3.0.14
Affected: >= 4.0.0, < 4.0.7 Affected: >= 5.0.0, < 5.0.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28224",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-17T19:31:35.290539Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T19:31:38.952Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-xrcw-wpjx-pr95"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.14"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.7"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an op_crypt_key_callback packet without prior authentication, the port_server_crypt_callback handler is not initialized, resulting in a null pointer dereference and server crash. An unauthenticated attacker who knows only the server\u0027s IP and port can exploit this to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T18:38:58.138Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-xrcw-wpjx-pr95",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-xrcw-wpjx-pr95"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"
}
],
"source": {
"advisory": "GHSA-xrcw-wpjx-pr95",
"discovery": "UNKNOWN"
},
"title": "Firebird Null Pointer Dereference via CryptCallback causes DOS"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28224",
"datePublished": "2026-04-17T18:38:58.138Z",
"dateReserved": "2026-02-25T15:28:40.650Z",
"dateUpdated": "2026-04-17T19:31:38.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28214 (GCVE-0-2026-28214)
Vulnerability from nvd – Published: 2026-04-17 18:35 – Updated: 2026-04-17 18:35
VLAI?
Title
Firebird server hangs when using specific clumplet on batch creation
Summary
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the ClumpletReader::getClumpletSize() function can overflow the totalLength value when parsing a Wide type clumplet, causing an infinite loop. An authenticated user with INSERT privileges on any table can exploit this via a crafted Batch Parameter Block to cause a denial of service against the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
Severity ?
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
>= 3.0.0, < 3.0.14
Affected: >= 4.0.0, < 4.0.7 Affected: >= 5.0.0, < 5.0.4 |
{
"containers": {
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.14"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.7"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the ClumpletReader::getClumpletSize() function can overflow the totalLength value when parsing a Wide type clumplet, causing an infinite loop. An authenticated user with INSERT privileges on any table can exploit this via a crafted Batch Parameter Block to cause a denial of service against the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T18:35:46.974Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7cq5-994r-jhrf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7cq5-994r-jhrf"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"
}
],
"source": {
"advisory": "GHSA-7cq5-994r-jhrf",
"discovery": "UNKNOWN"
},
"title": "Firebird server hangs when using specific clumplet on batch creation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28214",
"datePublished": "2026-04-17T18:35:46.974Z",
"dateReserved": "2026-02-25T15:28:40.649Z",
"dateUpdated": "2026-04-17T18:35:46.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28212 (GCVE-0-2026-28212)
Vulnerability from nvd – Published: 2026-04-17 18:05 – Updated: 2026-04-17 18:10
VLAI?
Title
Firebird has potential server crash via null pointer dereference when processing op_slice packet
Summary
Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an op_slice network packet, the server passes an unprepared structure containing a null pointer to the SDL_info() function, resulting in a null pointer dereference and server crash. An unauthenticated attacker can trigger this by sending a crafted packet to the server port. This issue has been fixed in versions 6.0.0, 5.0.4, 4.0.7 and 3.0.14.
Severity ?
7.5 (High)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
< 3.0.14
Affected: >= 4.0.0, < 4.0.7 Affected: >= 5.0.0, < 5.0.4 |
{
"containers": {
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003c 3.0.14"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.7"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an op_slice network packet, the server passes an unprepared structure containing a null pointer to the SDL_info() function, resulting in a null pointer dereference and server crash. An unauthenticated attacker can trigger this by sending a crafted packet to the server port. This issue has been fixed in versions 6.0.0, 5.0.4, 4.0.7 and 3.0.14."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T18:10:29.394Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-9884-9qm3-hqch",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-9884-9qm3-hqch"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"
}
],
"source": {
"advisory": "GHSA-9884-9qm3-hqch",
"discovery": "UNKNOWN"
},
"title": "Firebird has potential server crash via null pointer dereference when processing op_slice packet"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28212",
"datePublished": "2026-04-17T18:05:25.854Z",
"dateReserved": "2026-02-25T15:28:40.649Z",
"dateUpdated": "2026-04-17T18:10:29.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27890 (GCVE-0-2026-27890)
Vulnerability from nvd – Published: 2026-04-17 18:14 – Updated: 2026-04-17 18:50
VLAI?
Title
Firebird has Pre-Auth DOS when Processing Out of Order CNCT_specific_data Segments
Summary
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCT_specific_data segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class's grow() method computes a negative size value, causing a SIGSEGV crash. An unauthenticated attacker who knows only the server's IP and port can exploit this to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
Severity ?
8.2 (High)
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
>= 3.0.0, < 3.0.14
Affected: >= 4.0.0, < 4.0.7 Affected: >= 5.0.0, < 5.0.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27890",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-17T18:50:13.916401Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T18:50:22.134Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.14"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.7"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCT_specific_data segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class\u0027s grow() method computes a negative size value, causing a SIGSEGV crash. An unauthenticated attacker who knows only the server\u0027s IP and port can exploit this to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T18:36:11.924Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6crx-4g37-7j49",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6crx-4g37-7j49"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"
}
],
"source": {
"advisory": "GHSA-6crx-4g37-7j49",
"discovery": "UNKNOWN"
},
"title": "Firebird has Pre-Auth DOS when Processing Out of Order CNCT_specific_data Segments"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27890",
"datePublished": "2026-04-17T18:14:29.433Z",
"dateReserved": "2026-02-24T15:19:29.716Z",
"dateUpdated": "2026-04-17T18:50:22.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-65104 (GCVE-0-2025-65104)
Vulnerability from nvd – Published: 2026-04-17 17:47 – Updated: 2026-04-17 18:25
VLAI?
Title
Firebird: Information leak vulnerability in firebird3 client when used with newer server
Summary
Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by upgrading to the FB4 client or higher.
Severity ?
7.9 (High)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
< 4.0.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-65104",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-17T18:25:02.873225Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T18:25:11.941Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003c 4.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by upgrading to the FB4 client or higher."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T17:47:42.109Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-mfpr-9886-xjhg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-mfpr-9886-xjhg"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.0"
}
],
"source": {
"advisory": "GHSA-mfpr-9886-xjhg",
"discovery": "UNKNOWN"
},
"title": "Firebird: Information leak vulnerability in firebird3 client when used with newer server"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-65104",
"datePublished": "2026-04-17T17:47:42.109Z",
"dateReserved": "2025-11-17T20:55:34.693Z",
"dateUpdated": "2026-04-17T18:25:11.941Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-24975 (GCVE-0-2025-24975)
Vulnerability from nvd – Published: 2025-08-15 15:11 – Updated: 2025-08-20 19:50
VLAI?
Title
Firebird Non-Authorized Access to Encrypted Database Using Execute Statement on External
Summary
Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. If connections stored in ExtConnPool are not verified for presence and suitability of the CryptCallback interface is used when created versus what is available could result in a segfault in the server process. Encrypted databases, accessed by execute statement on external, may be accessed later by an attachment missing a key to that database. In a case when execute statement are chained, segfault may happen. Additionally, the segfault may affect unencrypted databases. This issue has been patched in snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609 and point releases 4.0.6 and 5.0.2. A workaround for this issue involves setting ExtConnPoolSize equal to 0 in firebird.conf.
Severity ?
7.1 (High)
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
< 6.0.0.609
Affected: < 5.0.2.1610 Affected: < 4.0.6.3183 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24975",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-15T19:09:49.364643Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T19:09:59.992Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-08-20T19:50:53.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-24975-detect-vulnerable-firebird"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-24975-mitigate-firebird-vulnerability"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003c 6.0.0.609"
},
{
"status": "affected",
"version": "\u003c 5.0.2.1610"
},
{
"status": "affected",
"version": "\u003c 4.0.6.3183"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. If connections stored in ExtConnPool are not verified for presence and suitability of the CryptCallback interface is used when created versus what is available could result in a segfault in the server process. Encrypted databases, accessed by execute statement on external, may be accessed later by an attachment missing a key to that database. In a case when execute statement are chained, segfault may happen. Additionally, the segfault may affect unencrypted databases. This issue has been patched in snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609 and point releases 4.0.6 and 5.0.2. A workaround for this issue involves setting ExtConnPoolSize equal to 0 in firebird.conf."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T15:11:29.986Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-fx9r-rj68-7p69",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-fx9r-rj68-7p69"
},
{
"name": "https://github.com/FirebirdSQL/firebird/issues/8429",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/issues/8429"
},
{
"name": "https://github.com/FirebirdSQL/firebird/commit/658abd20449f72097fbbce57e8e6ae42ff837fb6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/commit/658abd20449f72097fbbce57e8e6ae42ff837fb6"
}
],
"source": {
"advisory": "GHSA-fx9r-rj68-7p69",
"discovery": "UNKNOWN"
},
"title": "Firebird Non-Authorized Access to Encrypted Database Using Execute Statement on External"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-24975",
"datePublished": "2025-08-15T15:11:29.986Z",
"dateReserved": "2025-01-29T15:18:03.211Z",
"dateUpdated": "2025-08-20T19:50:53.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54989 (GCVE-0-2025-54989)
Vulnerability from nvd – Published: 2025-08-15 15:04 – Updated: 2025-11-03 18:13
VLAI?
Title
Firebird XDR Message Parsing NULL Pointer Dereference Denial-of-Service Vulnerability
Summary
Firebird is a relational database. Prior to versions 3.0.13, 4.0.6, and 5.0.3, there is an XDR message parsing NULL pointer dereference denial-of-service vulnerability in Firebird. This specific flaw exists within the parsing of xdr message from client. It leads to NULL pointer dereference and DoS. This issue has been patched in versions 3.0.13, 4.0.6, and 5.0.3.
Severity ?
5.3 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
< 3.0.13
Affected: < 4.0.6 Affected: < 5.0.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54989",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-15T19:08:23.768876Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T19:08:38.587Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:13:39.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003c 3.0.13"
},
{
"status": "affected",
"version": "\u003c 4.0.6"
},
{
"status": "affected",
"version": "\u003c 5.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is a relational database. Prior to versions 3.0.13, 4.0.6, and 5.0.3, there is an XDR message parsing NULL pointer dereference denial-of-service vulnerability in Firebird. This specific flaw exists within the parsing of xdr message from client. It leads to NULL pointer dereference and DoS. This issue has been patched in versions 3.0.13, 4.0.6, and 5.0.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T15:04:19.097Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7qp6-hqxj-pjjp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7qp6-hqxj-pjjp"
},
{
"name": "https://github.com/FirebirdSQL/firebird/issues/8554",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/issues/8554"
},
{
"name": "https://github.com/FirebirdSQL/firebird/commit/169da595f8693fc1a65a79c741724b1bc8db9f25",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/commit/169da595f8693fc1a65a79c741724b1bc8db9f25"
}
],
"source": {
"advisory": "GHSA-7qp6-hqxj-pjjp",
"discovery": "UNKNOWN"
},
"title": "Firebird XDR Message Parsing NULL Pointer Dereference Denial-of-Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-54989",
"datePublished": "2025-08-15T15:04:19.097Z",
"dateReserved": "2025-08-04T17:34:24.419Z",
"dateUpdated": "2025-11-03T18:13:39.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-41038 (GCVE-0-2023-41038)
Vulnerability from nvd – Published: 2024-03-20 14:22 – Updated: 2024-08-13 16:44
VLAI?
Title
Server crash when using specific form of SET BIND statement
Summary
Firebird is a relational database. Versions 4.0.0 through 4.0.3 and version 5.0 beta1 are vulnerable to a server crash when a user uses a specific form of SET BIND statement. Any non-privileged user with minimum access to a server may type a statement with a long `CHAR` length, which causes the server to crash due to stack corruption. Versions 4.0.4.2981 and 5.0.0.117 contain fixes for this issue. No known workarounds are available.
Severity ?
7.5 (High)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
>= 4.0.0, < 4.0.4.2981
Affected: >= 5.0 beta1, < 5.0.0.1176 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:46:11.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6fv8-8rwr-9692",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6fv8-8rwr-9692"
},
{
"name": "https://firebirdsql.org/en/snapshot-builds",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://firebirdsql.org/en/snapshot-builds"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "firebird",
"vendor": "firebirdsql",
"versions": [
{
"lessThan": "4.0.4.2981",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
},
{
"lessThan": "5.0.0.1176",
"status": "affected",
"version": "5.0_beta1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41038",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-20T19:37:40.792401Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T16:44:27.739Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.4.2981"
},
{
"status": "affected",
"version": "\u003e= 5.0 beta1, \u003c 5.0.0.1176"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is a relational database. Versions 4.0.0 through 4.0.3 and version 5.0 beta1 are vulnerable to a server crash when a user uses a specific form of SET BIND statement. Any non-privileged user with minimum access to a server may type a statement with a long `CHAR` length, which causes the server to crash due to stack corruption. Versions 4.0.4.2981 and 5.0.0.117 contain fixes for this issue. No known workarounds are available."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-20T14:22:50.484Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6fv8-8rwr-9692",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6fv8-8rwr-9692"
},
{
"name": "https://firebirdsql.org/en/snapshot-builds",
"tags": [
"x_refsource_MISC"
],
"url": "https://firebirdsql.org/en/snapshot-builds"
}
],
"source": {
"advisory": "GHSA-6fv8-8rwr-9692",
"discovery": "UNKNOWN"
},
"title": "Server crash when using specific form of SET BIND statement"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-41038",
"datePublished": "2024-03-20T14:22:50.484Z",
"dateReserved": "2023-08-22T16:57:23.932Z",
"dateUpdated": "2024-08-13T16:44:27.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-11509 (GCVE-0-2017-11509)
Vulnerability from nvd – Published: 2018-03-28 17:00 – Updated: 2024-09-16 22:24
VLAI?
Summary
An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement.
Severity ?
No CVSS data available.
CWE
- Authenticated Remote Code Execution
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Firebird Foundation | Firebird SQL Server |
Affected:
2.5.7
Affected: 3.0.2 |
Date Public ?
2017-11-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:12:40.152Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20180511 [SECURITY] [DLA 1374-1] firebird2.5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00005.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2017-36"
},
{
"name": "[debian-lts-announce] 20200229 [SECURITY] [DLA 2129-1] firebird2.5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00036.html"
},
{
"name": "[debian-lts-announce] 20211120 [SECURITY] [DLA 2824-1] firebird3.0 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00018.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firebird SQL Server",
"vendor": "Firebird Foundation",
"versions": [
{
"status": "affected",
"version": "2.5.7"
},
{
"status": "affected",
"version": "3.0.2"
}
]
}
],
"datePublic": "2017-11-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authenticated Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-20T13:06:10.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"name": "[debian-lts-announce] 20180511 [SECURITY] [DLA 1374-1] firebird2.5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00005.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2017-36"
},
{
"name": "[debian-lts-announce] 20200229 [SECURITY] [DLA 2129-1] firebird2.5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00036.html"
},
{
"name": "[debian-lts-announce] 20211120 [SECURITY] [DLA 2824-1] firebird3.0 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00018.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC": "2017-11-21T00:00:00",
"ID": "CVE-2017-11509",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firebird SQL Server",
"version": {
"version_data": [
{
"version_value": "2.5.7"
},
{
"version_value": "3.0.2"
}
]
}
}
]
},
"vendor_name": "Firebird Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authenticated Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180511 [SECURITY] [DLA 1374-1] firebird2.5 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00005.html"
},
{
"name": "https://www.tenable.com/security/research/tra-2017-36",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2017-36"
},
{
"name": "[debian-lts-announce] 20200229 [SECURITY] [DLA 2129-1] firebird2.5 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00036.html"
},
{
"name": "[debian-lts-announce] 20211120 [SECURITY] [DLA 2824-1] firebird3.0 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00018.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2017-11509",
"datePublished": "2018-03-28T17:00:00.000Z",
"dateReserved": "2017-07-21T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:24:43.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-40342 (GCVE-0-2026-40342)
Vulnerability from cvelistv5 – Published: 2026-04-17 19:22 – Updated: 2026-04-17 19:22
VLAI?
Title
Firebird: Path Traversal + Arbitrary File Write Leads to Remote Code Execution
Summary
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates a user-supplied engine name into a filesystem path without filtering path separators or .. components. An authenticated user with CREATE FUNCTION privileges can use a crafted ENGINE name to load an arbitrary shared library from anywhere on the filesystem via path traversal. The library's initialization code executes immediately during loading, before Firebird validates the module, achieving code execution as the server's OS account. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
Severity ?
10 (Critical)
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
< 3.0.14
Affected: >= 4.0.0, < 4.0.7 Affected: >= 5.0.0, < 5.0.4 |
{
"containers": {
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003c 3.0.14"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.7"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates a user-supplied engine name into a filesystem path without filtering path separators or .. components. An authenticated user with CREATE FUNCTION privileges can use a crafted ENGINE name to load an arbitrary shared library from anywhere on the filesystem via path traversal. The library\u0027s initialization code executes immediately during loading, before Firebird validates the module, achieving code execution as the server\u0027s OS account. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73: External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T19:22:46.644Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7pxc-h3rv-r257",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7pxc-h3rv-r257"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"
}
],
"source": {
"advisory": "GHSA-7pxc-h3rv-r257",
"discovery": "UNKNOWN"
},
"title": "Firebird: Path Traversal + Arbitrary File Write Leads to Remote Code Execution"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-40342",
"datePublished": "2026-04-17T19:22:46.644Z",
"dateReserved": "2026-04-10T22:50:01.358Z",
"dateUpdated": "2026-04-17T19:22:46.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-35215 (GCVE-0-2026-35215)
Vulnerability from cvelistv5 – Published: 2026-04-17 18:59 – Updated: 2026-04-17 18:59
VLAI?
Title
Firebird: DoS via malicious slice descriptor in slice packet
Summary
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdl_desc() function does not validate the length of a decoded SDL descriptor from a slice packet. A zero-length descriptor is later used to calculate the number of slice items, causing a division by zero. An unauthenticated attacker can exploit this by sending a crafted slice packet to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
Severity ?
7.5 (High)
CWE
- CWE-369 - Divide By Zero
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
>= 3.0.0, < 3.0.14
Affected: >= 4.0.0, < 4.0.7 Affected: >= 5.0.0, < 5.0.4 |
{
"containers": {
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.14"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.7"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdl_desc() function does not validate the length of a decoded SDL descriptor from a slice packet. A zero-length descriptor is later used to calculate the number of slice items, causing a division by zero. An unauthenticated attacker can exploit this by sending a crafted slice packet to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369: Divide By Zero",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T18:59:23.663Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-g99w-prq5-29c6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-g99w-prq5-29c6"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"
}
],
"source": {
"advisory": "GHSA-g99w-prq5-29c6",
"discovery": "UNKNOWN"
},
"title": "Firebird: DoS via malicious slice descriptor in slice packet"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-35215",
"datePublished": "2026-04-17T18:59:23.663Z",
"dateReserved": "2026-04-01T18:48:58.937Z",
"dateUpdated": "2026-04-17T18:59:23.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-34232 (GCVE-0-2026-34232)
Vulnerability from cvelistv5 – Published: 2026-04-17 18:52 – Updated: 2026-04-17 18:52
VLAI?
Title
Firebird: DoS via `op_response` packet from client
Summary
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the xdr_status_vector() function does not handle the isc_arg_cstring type when decoding an op_response packet, causing a server crash when one is encountered in the status vector. An unauthenticated attacker can exploit this by sending a crafted op_response packet to the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
Severity ?
7.5 (High)
CWE
- CWE-228 - Improper Handling of Syntactically Invalid Structure
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
>= 3.0.0, < 3.0.14
Affected: >= 4.0.0, < 4.0.7 Affected: >= 5.0.0, < 5.0.4 |
{
"containers": {
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.14"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.7"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the xdr_status_vector() function does not handle the isc_arg_cstring type when decoding an op_response packet, causing a server crash when one is encountered in the status vector. An unauthenticated attacker can exploit this by sending a crafted op_response packet to the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-228",
"description": "CWE-228: Improper Handling of Syntactically Invalid Structure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T18:52:11.693Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7jq3-6j3c-5cm2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7jq3-6j3c-5cm2"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"
}
],
"source": {
"advisory": "GHSA-7jq3-6j3c-5cm2",
"discovery": "UNKNOWN"
},
"title": "Firebird: DoS via `op_response` packet from client"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-34232",
"datePublished": "2026-04-17T18:52:11.693Z",
"dateReserved": "2026-03-26T16:22:29.034Z",
"dateUpdated": "2026-04-17T18:52:11.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33337 (GCVE-0-2026-33337)
Vulnerability from cvelistv5 – Published: 2026-04-17 18:48 – Updated: 2026-04-17 19:21
VLAI?
Title
Firebird has a buffer overflow when parsing corrupted slice packets
Summary
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdr_datum() function does not validate that a cstring length conforms to the slice descriptor bounds, allowing a cstring longer than the allocated buffer to overflow it. An unauthenticated attacker can exploit this by sending a crafted packet to the server, potentially causing a crash or other security impact. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
Severity ?
7.5 (High)
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
>= 3.0.0, < 3.0.14
Affected: >= 4.0.0, < 4.0.7 Affected: >= 5.0.0, < 5.0.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33337",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-17T19:21:08.979325Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T19:21:17.132Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.14"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.7"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdr_datum() function does not validate that a cstring length conforms to the slice descriptor bounds, allowing a cstring longer than the allocated buffer to overflow it. An unauthenticated attacker can exploit this by sending a crafted packet to the server, potentially causing a crash or other security impact. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T18:48:47.953Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-89mq-229g-x47p",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-89mq-229g-x47p"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"
}
],
"source": {
"advisory": "GHSA-89mq-229g-x47p",
"discovery": "UNKNOWN"
},
"title": "Firebird has a buffer overflow when parsing corrupted slice packets"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33337",
"datePublished": "2026-04-17T18:48:47.953Z",
"dateReserved": "2026-03-18T22:15:11.812Z",
"dateUpdated": "2026-04-17T19:21:17.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28224 (GCVE-0-2026-28224)
Vulnerability from cvelistv5 – Published: 2026-04-17 18:38 – Updated: 2026-04-17 19:31
VLAI?
Title
Firebird Null Pointer Dereference via CryptCallback causes DOS
Summary
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an op_crypt_key_callback packet without prior authentication, the port_server_crypt_callback handler is not initialized, resulting in a null pointer dereference and server crash. An unauthenticated attacker who knows only the server's IP and port can exploit this to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
Severity ?
8.2 (High)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
>= 3.0.0, < 3.0.14
Affected: >= 4.0.0, < 4.0.7 Affected: >= 5.0.0, < 5.0.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28224",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-17T19:31:35.290539Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T19:31:38.952Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-xrcw-wpjx-pr95"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.14"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.7"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an op_crypt_key_callback packet without prior authentication, the port_server_crypt_callback handler is not initialized, resulting in a null pointer dereference and server crash. An unauthenticated attacker who knows only the server\u0027s IP and port can exploit this to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T18:38:58.138Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-xrcw-wpjx-pr95",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-xrcw-wpjx-pr95"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"
}
],
"source": {
"advisory": "GHSA-xrcw-wpjx-pr95",
"discovery": "UNKNOWN"
},
"title": "Firebird Null Pointer Dereference via CryptCallback causes DOS"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28224",
"datePublished": "2026-04-17T18:38:58.138Z",
"dateReserved": "2026-02-25T15:28:40.650Z",
"dateUpdated": "2026-04-17T19:31:38.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28214 (GCVE-0-2026-28214)
Vulnerability from cvelistv5 – Published: 2026-04-17 18:35 – Updated: 2026-04-17 18:35
VLAI?
Title
Firebird server hangs when using specific clumplet on batch creation
Summary
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the ClumpletReader::getClumpletSize() function can overflow the totalLength value when parsing a Wide type clumplet, causing an infinite loop. An authenticated user with INSERT privileges on any table can exploit this via a crafted Batch Parameter Block to cause a denial of service against the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
Severity ?
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
>= 3.0.0, < 3.0.14
Affected: >= 4.0.0, < 4.0.7 Affected: >= 5.0.0, < 5.0.4 |
{
"containers": {
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.14"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.7"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the ClumpletReader::getClumpletSize() function can overflow the totalLength value when parsing a Wide type clumplet, causing an infinite loop. An authenticated user with INSERT privileges on any table can exploit this via a crafted Batch Parameter Block to cause a denial of service against the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T18:35:46.974Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7cq5-994r-jhrf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7cq5-994r-jhrf"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"
}
],
"source": {
"advisory": "GHSA-7cq5-994r-jhrf",
"discovery": "UNKNOWN"
},
"title": "Firebird server hangs when using specific clumplet on batch creation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28214",
"datePublished": "2026-04-17T18:35:46.974Z",
"dateReserved": "2026-02-25T15:28:40.649Z",
"dateUpdated": "2026-04-17T18:35:46.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27890 (GCVE-0-2026-27890)
Vulnerability from cvelistv5 – Published: 2026-04-17 18:14 – Updated: 2026-04-17 18:50
VLAI?
Title
Firebird has Pre-Auth DOS when Processing Out of Order CNCT_specific_data Segments
Summary
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCT_specific_data segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class's grow() method computes a negative size value, causing a SIGSEGV crash. An unauthenticated attacker who knows only the server's IP and port can exploit this to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
Severity ?
8.2 (High)
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
>= 3.0.0, < 3.0.14
Affected: >= 4.0.0, < 4.0.7 Affected: >= 5.0.0, < 5.0.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27890",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-17T18:50:13.916401Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T18:50:22.134Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.14"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.7"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCT_specific_data segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class\u0027s grow() method computes a negative size value, causing a SIGSEGV crash. An unauthenticated attacker who knows only the server\u0027s IP and port can exploit this to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T18:36:11.924Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6crx-4g37-7j49",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6crx-4g37-7j49"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"
}
],
"source": {
"advisory": "GHSA-6crx-4g37-7j49",
"discovery": "UNKNOWN"
},
"title": "Firebird has Pre-Auth DOS when Processing Out of Order CNCT_specific_data Segments"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27890",
"datePublished": "2026-04-17T18:14:29.433Z",
"dateReserved": "2026-02-24T15:19:29.716Z",
"dateUpdated": "2026-04-17T18:50:22.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28212 (GCVE-0-2026-28212)
Vulnerability from cvelistv5 – Published: 2026-04-17 18:05 – Updated: 2026-04-17 18:10
VLAI?
Title
Firebird has potential server crash via null pointer dereference when processing op_slice packet
Summary
Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an op_slice network packet, the server passes an unprepared structure containing a null pointer to the SDL_info() function, resulting in a null pointer dereference and server crash. An unauthenticated attacker can trigger this by sending a crafted packet to the server port. This issue has been fixed in versions 6.0.0, 5.0.4, 4.0.7 and 3.0.14.
Severity ?
7.5 (High)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
< 3.0.14
Affected: >= 4.0.0, < 4.0.7 Affected: >= 5.0.0, < 5.0.4 |
{
"containers": {
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003c 3.0.14"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.7"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an op_slice network packet, the server passes an unprepared structure containing a null pointer to the SDL_info() function, resulting in a null pointer dereference and server crash. An unauthenticated attacker can trigger this by sending a crafted packet to the server port. This issue has been fixed in versions 6.0.0, 5.0.4, 4.0.7 and 3.0.14."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T18:10:29.394Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-9884-9qm3-hqch",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-9884-9qm3-hqch"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"
}
],
"source": {
"advisory": "GHSA-9884-9qm3-hqch",
"discovery": "UNKNOWN"
},
"title": "Firebird has potential server crash via null pointer dereference when processing op_slice packet"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28212",
"datePublished": "2026-04-17T18:05:25.854Z",
"dateReserved": "2026-02-25T15:28:40.649Z",
"dateUpdated": "2026-04-17T18:10:29.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-65104 (GCVE-0-2025-65104)
Vulnerability from cvelistv5 – Published: 2026-04-17 17:47 – Updated: 2026-04-17 18:25
VLAI?
Title
Firebird: Information leak vulnerability in firebird3 client when used with newer server
Summary
Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by upgrading to the FB4 client or higher.
Severity ?
7.9 (High)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
< 4.0.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-65104",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-17T18:25:02.873225Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T18:25:11.941Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003c 4.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by upgrading to the FB4 client or higher."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T17:47:42.109Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-mfpr-9886-xjhg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-mfpr-9886-xjhg"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.0"
}
],
"source": {
"advisory": "GHSA-mfpr-9886-xjhg",
"discovery": "UNKNOWN"
},
"title": "Firebird: Information leak vulnerability in firebird3 client when used with newer server"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-65104",
"datePublished": "2026-04-17T17:47:42.109Z",
"dateReserved": "2025-11-17T20:55:34.693Z",
"dateUpdated": "2026-04-17T18:25:11.941Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-24975 (GCVE-0-2025-24975)
Vulnerability from cvelistv5 – Published: 2025-08-15 15:11 – Updated: 2025-08-20 19:50
VLAI?
Title
Firebird Non-Authorized Access to Encrypted Database Using Execute Statement on External
Summary
Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. If connections stored in ExtConnPool are not verified for presence and suitability of the CryptCallback interface is used when created versus what is available could result in a segfault in the server process. Encrypted databases, accessed by execute statement on external, may be accessed later by an attachment missing a key to that database. In a case when execute statement are chained, segfault may happen. Additionally, the segfault may affect unencrypted databases. This issue has been patched in snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609 and point releases 4.0.6 and 5.0.2. A workaround for this issue involves setting ExtConnPoolSize equal to 0 in firebird.conf.
Severity ?
7.1 (High)
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
< 6.0.0.609
Affected: < 5.0.2.1610 Affected: < 4.0.6.3183 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24975",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-15T19:09:49.364643Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T19:09:59.992Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-08-20T19:50:53.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-24975-detect-vulnerable-firebird"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-24975-mitigate-firebird-vulnerability"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003c 6.0.0.609"
},
{
"status": "affected",
"version": "\u003c 5.0.2.1610"
},
{
"status": "affected",
"version": "\u003c 4.0.6.3183"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. If connections stored in ExtConnPool are not verified for presence and suitability of the CryptCallback interface is used when created versus what is available could result in a segfault in the server process. Encrypted databases, accessed by execute statement on external, may be accessed later by an attachment missing a key to that database. In a case when execute statement are chained, segfault may happen. Additionally, the segfault may affect unencrypted databases. This issue has been patched in snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609 and point releases 4.0.6 and 5.0.2. A workaround for this issue involves setting ExtConnPoolSize equal to 0 in firebird.conf."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T15:11:29.986Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-fx9r-rj68-7p69",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-fx9r-rj68-7p69"
},
{
"name": "https://github.com/FirebirdSQL/firebird/issues/8429",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/issues/8429"
},
{
"name": "https://github.com/FirebirdSQL/firebird/commit/658abd20449f72097fbbce57e8e6ae42ff837fb6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/commit/658abd20449f72097fbbce57e8e6ae42ff837fb6"
}
],
"source": {
"advisory": "GHSA-fx9r-rj68-7p69",
"discovery": "UNKNOWN"
},
"title": "Firebird Non-Authorized Access to Encrypted Database Using Execute Statement on External"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-24975",
"datePublished": "2025-08-15T15:11:29.986Z",
"dateReserved": "2025-01-29T15:18:03.211Z",
"dateUpdated": "2025-08-20T19:50:53.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54989 (GCVE-0-2025-54989)
Vulnerability from cvelistv5 – Published: 2025-08-15 15:04 – Updated: 2025-11-03 18:13
VLAI?
Title
Firebird XDR Message Parsing NULL Pointer Dereference Denial-of-Service Vulnerability
Summary
Firebird is a relational database. Prior to versions 3.0.13, 4.0.6, and 5.0.3, there is an XDR message parsing NULL pointer dereference denial-of-service vulnerability in Firebird. This specific flaw exists within the parsing of xdr message from client. It leads to NULL pointer dereference and DoS. This issue has been patched in versions 3.0.13, 4.0.6, and 5.0.3.
Severity ?
5.3 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
< 3.0.13
Affected: < 4.0.6 Affected: < 5.0.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54989",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-15T19:08:23.768876Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T19:08:38.587Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:13:39.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003c 3.0.13"
},
{
"status": "affected",
"version": "\u003c 4.0.6"
},
{
"status": "affected",
"version": "\u003c 5.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is a relational database. Prior to versions 3.0.13, 4.0.6, and 5.0.3, there is an XDR message parsing NULL pointer dereference denial-of-service vulnerability in Firebird. This specific flaw exists within the parsing of xdr message from client. It leads to NULL pointer dereference and DoS. This issue has been patched in versions 3.0.13, 4.0.6, and 5.0.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T15:04:19.097Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7qp6-hqxj-pjjp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7qp6-hqxj-pjjp"
},
{
"name": "https://github.com/FirebirdSQL/firebird/issues/8554",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/issues/8554"
},
{
"name": "https://github.com/FirebirdSQL/firebird/commit/169da595f8693fc1a65a79c741724b1bc8db9f25",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/commit/169da595f8693fc1a65a79c741724b1bc8db9f25"
}
],
"source": {
"advisory": "GHSA-7qp6-hqxj-pjjp",
"discovery": "UNKNOWN"
},
"title": "Firebird XDR Message Parsing NULL Pointer Dereference Denial-of-Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-54989",
"datePublished": "2025-08-15T15:04:19.097Z",
"dateReserved": "2025-08-04T17:34:24.419Z",
"dateUpdated": "2025-11-03T18:13:39.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-41038 (GCVE-0-2023-41038)
Vulnerability from cvelistv5 – Published: 2024-03-20 14:22 – Updated: 2024-08-13 16:44
VLAI?
Title
Server crash when using specific form of SET BIND statement
Summary
Firebird is a relational database. Versions 4.0.0 through 4.0.3 and version 5.0 beta1 are vulnerable to a server crash when a user uses a specific form of SET BIND statement. Any non-privileged user with minimum access to a server may type a statement with a long `CHAR` length, which causes the server to crash due to stack corruption. Versions 4.0.4.2981 and 5.0.0.117 contain fixes for this issue. No known workarounds are available.
Severity ?
7.5 (High)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
>= 4.0.0, < 4.0.4.2981
Affected: >= 5.0 beta1, < 5.0.0.1176 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:46:11.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6fv8-8rwr-9692",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6fv8-8rwr-9692"
},
{
"name": "https://firebirdsql.org/en/snapshot-builds",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://firebirdsql.org/en/snapshot-builds"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "firebird",
"vendor": "firebirdsql",
"versions": [
{
"lessThan": "4.0.4.2981",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
},
{
"lessThan": "5.0.0.1176",
"status": "affected",
"version": "5.0_beta1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41038",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-20T19:37:40.792401Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T16:44:27.739Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.4.2981"
},
{
"status": "affected",
"version": "\u003e= 5.0 beta1, \u003c 5.0.0.1176"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is a relational database. Versions 4.0.0 through 4.0.3 and version 5.0 beta1 are vulnerable to a server crash when a user uses a specific form of SET BIND statement. Any non-privileged user with minimum access to a server may type a statement with a long `CHAR` length, which causes the server to crash due to stack corruption. Versions 4.0.4.2981 and 5.0.0.117 contain fixes for this issue. No known workarounds are available."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-20T14:22:50.484Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6fv8-8rwr-9692",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6fv8-8rwr-9692"
},
{
"name": "https://firebirdsql.org/en/snapshot-builds",
"tags": [
"x_refsource_MISC"
],
"url": "https://firebirdsql.org/en/snapshot-builds"
}
],
"source": {
"advisory": "GHSA-6fv8-8rwr-9692",
"discovery": "UNKNOWN"
},
"title": "Server crash when using specific form of SET BIND statement"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-41038",
"datePublished": "2024-03-20T14:22:50.484Z",
"dateReserved": "2023-08-22T16:57:23.932Z",
"dateUpdated": "2024-08-13T16:44:27.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-11509 (GCVE-0-2017-11509)
Vulnerability from cvelistv5 – Published: 2018-03-28 17:00 – Updated: 2024-09-16 22:24
VLAI?
Summary
An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement.
Severity ?
No CVSS data available.
CWE
- Authenticated Remote Code Execution
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Firebird Foundation | Firebird SQL Server |
Affected:
2.5.7
Affected: 3.0.2 |
Date Public ?
2017-11-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:12:40.152Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20180511 [SECURITY] [DLA 1374-1] firebird2.5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00005.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2017-36"
},
{
"name": "[debian-lts-announce] 20200229 [SECURITY] [DLA 2129-1] firebird2.5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00036.html"
},
{
"name": "[debian-lts-announce] 20211120 [SECURITY] [DLA 2824-1] firebird3.0 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00018.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firebird SQL Server",
"vendor": "Firebird Foundation",
"versions": [
{
"status": "affected",
"version": "2.5.7"
},
{
"status": "affected",
"version": "3.0.2"
}
]
}
],
"datePublic": "2017-11-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authenticated Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-20T13:06:10.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"name": "[debian-lts-announce] 20180511 [SECURITY] [DLA 1374-1] firebird2.5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00005.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2017-36"
},
{
"name": "[debian-lts-announce] 20200229 [SECURITY] [DLA 2129-1] firebird2.5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00036.html"
},
{
"name": "[debian-lts-announce] 20211120 [SECURITY] [DLA 2824-1] firebird3.0 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00018.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC": "2017-11-21T00:00:00",
"ID": "CVE-2017-11509",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firebird SQL Server",
"version": {
"version_data": [
{
"version_value": "2.5.7"
},
{
"version_value": "3.0.2"
}
]
}
}
]
},
"vendor_name": "Firebird Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authenticated Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180511 [SECURITY] [DLA 1374-1] firebird2.5 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00005.html"
},
{
"name": "https://www.tenable.com/security/research/tra-2017-36",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2017-36"
},
{
"name": "[debian-lts-announce] 20200229 [SECURITY] [DLA 2129-1] firebird2.5 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00036.html"
},
{
"name": "[debian-lts-announce] 20211120 [SECURITY] [DLA 2824-1] firebird3.0 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00018.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2017-11509",
"datePublished": "2018-03-28T17:00:00.000Z",
"dateReserved": "2017-07-21T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:24:43.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2025-54989
Vulnerability from fkie_nvd - Published: 2025-08-15 15:15 - Updated: 2025-11-03 19:16
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Firebird is a relational database. Prior to versions 3.0.13, 4.0.6, and 5.0.3, there is an XDR message parsing NULL pointer dereference denial-of-service vulnerability in Firebird. This specific flaw exists within the parsing of xdr message from client. It leads to NULL pointer dereference and DoS. This issue has been patched in versions 3.0.13, 4.0.6, and 5.0.3.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| firebirdsql | firebird | * | |
| firebirdsql | firebird | * | |
| firebirdsql | firebird | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A13E766-40E2-465B-B161-E8399221EFF6",
"versionEndExcluding": "3.0.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A077FF0A-B2BD-407F-8FAB-6B87824DBF56",
"versionEndExcluding": "4.0.6",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3AC2221-B79F-4F79-B066-037D2A8425E6",
"versionEndExcluding": "5.0.3",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Firebird is a relational database. Prior to versions 3.0.13, 4.0.6, and 5.0.3, there is an XDR message parsing NULL pointer dereference denial-of-service vulnerability in Firebird. This specific flaw exists within the parsing of xdr message from client. It leads to NULL pointer dereference and DoS. This issue has been patched in versions 3.0.13, 4.0.6, and 5.0.3."
},
{
"lang": "es",
"value": "Firebird es una base de datos relacional. En versiones anteriores a la 3.0.13, 4.0.6 y 5.0.3, exist\u00eda una vulnerabilidad de denegaci\u00f3n de servicio relacionada con la desreferencia de punteros nulos al analizar mensajes XDR en Firebird. Esta falla espec\u00edfica se produce al analizar mensajes XDR del cliente. Provoca la desreferencia de punteros nulos y una denegaci\u00f3n de servicio (DoS). Este problema se ha corregido en las versiones 3.0.13, 4.0.6 y 5.0.3."
}
],
"id": "CVE-2025-54989",
"lastModified": "2025-11-03T19:16:11.913",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-08-15T15:15:32.597",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/FirebirdSQL/firebird/commit/169da595f8693fc1a65a79c741724b1bc8db9f25"
},
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/FirebirdSQL/firebird/issues/8554"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7qp6-hqxj-pjjp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00021.html"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-24975
Vulnerability from fkie_nvd - Published: 2025-08-15 15:15 - Updated: 2025-10-09 19:04
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. If connections stored in ExtConnPool are not verified for presence and suitability of the CryptCallback interface is used when created versus what is available could result in a segfault in the server process. Encrypted databases, accessed by execute statement on external, may be accessed later by an attachment missing a key to that database. In a case when execute statement are chained, segfault may happen. Additionally, the segfault may affect unencrypted databases. This issue has been patched in snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609 and point releases 4.0.6 and 5.0.2. A workaround for this issue involves setting ExtConnPoolSize equal to 0 in firebird.conf.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| firebirdsql | firebird | * | |
| firebirdsql | firebird | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A077FF0A-B2BD-407F-8FAB-6B87824DBF56",
"versionEndExcluding": "4.0.6",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D676B31-1F76-4F55-9DD3-5402063FB560",
"versionEndExcluding": "5.0.2",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. If connections stored in ExtConnPool are not verified for presence and suitability of the CryptCallback interface is used when created versus what is available could result in a segfault in the server process. Encrypted databases, accessed by execute statement on external, may be accessed later by an attachment missing a key to that database. In a case when execute statement are chained, segfault may happen. Additionally, the segfault may affect unencrypted databases. This issue has been patched in snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609 and point releases 4.0.6 and 5.0.2. A workaround for this issue involves setting ExtConnPoolSize equal to 0 in firebird.conf."
},
{
"lang": "es",
"value": "Firebird es una base de datos relacional. En versiones anteriores a las instant\u00e1neas 4.0.6.3183, 5.0.2.1610 y 6.0.0.609, Firebird era vulnerable si ExtConnPoolSize no se establec\u00eda en 0. Si no se verifica la presencia y la idoneidad de la interfaz CryptCallback al crear las conexiones almacenadas en ExtConnPool, y se utiliza en lugar de la disponible, podr\u00eda producirse una violaci\u00f3n de segmentaci\u00f3n en el proceso del servidor. Las bases de datos cifradas, a las que se accede mediante una sentencia de ejecuci\u00f3n externa, podr\u00edan ser accedidas posteriormente por un archivo adjunto que no tenga la clave de esa base de datos. Al encadenar sentencias de ejecuci\u00f3n, podr\u00eda producirse una violaci\u00f3n de segmentaci\u00f3n. Adem\u00e1s, esta violaci\u00f3n puede afectar a bases de datos no cifradas. Este problema se ha corregido en las instant\u00e1neas 4.0.6.3183, 5.0.2.1610 y 6.0.0.609, as\u00ed como en las versiones puntuales 4.0.6 y 5.0.2. Una soluci\u00f3n alternativa para este problema implica establecer ExtConnPoolSize igual a 0 en firebird.conf."
}
],
"id": "CVE-2025-24975",
"lastModified": "2025-10-09T19:04:01.187",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.5,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-08-15T15:15:32.117",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/FirebirdSQL/firebird/commit/658abd20449f72097fbbce57e8e6ae42ff837fb6"
},
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/FirebirdSQL/firebird/issues/8429"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-fx9r-rj68-7p69"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-24975-detect-vulnerable-firebird"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-24975-mitigate-firebird-vulnerability"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-754"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-41038
Vulnerability from fkie_nvd - Published: 2024-03-20 15:15 - Updated: 2025-12-03 20:03
Severity ?
Summary
Firebird is a relational database. Versions 4.0.0 through 4.0.3 and version 5.0 beta1 are vulnerable to a server crash when a user uses a specific form of SET BIND statement. Any non-privileged user with minimum access to a server may type a statement with a long `CHAR` length, which causes the server to crash due to stack corruption. Versions 4.0.4.2981 and 5.0.0.117 contain fixes for this issue. No known workarounds are available.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| firebirdsql | firebird | * | |
| firebirdsql | firebird | 5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7EFE0C34-8E5F-4D5C-B072-D6319FC7E081",
"versionEndIncluding": "4.0.3",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:firebirdsql:firebird:5.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "C1A6D3C4-2FA7-4F20-ACB5-679D82DDC008",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Firebird is a relational database. Versions 4.0.0 through 4.0.3 and version 5.0 beta1 are vulnerable to a server crash when a user uses a specific form of SET BIND statement. Any non-privileged user with minimum access to a server may type a statement with a long `CHAR` length, which causes the server to crash due to stack corruption. Versions 4.0.4.2981 and 5.0.0.117 contain fixes for this issue. No known workarounds are available."
},
{
"lang": "es",
"value": "Firebird es una base de datos relacional. Las versiones 4.0.0 a 4.0.3 y la versi\u00f3n 5.0 beta1 son vulnerables a un bloqueo del servidor cuando un usuario utiliza una forma espec\u00edfica de la declaraci\u00f3n SET BIND. Cualquier usuario sin privilegios con un acceso m\u00ednimo a un servidor puede escribir una declaraci\u00f3n con una longitud `CHAR` larga, lo que hace que el servidor se bloquee debido a la corrupci\u00f3n de la pila. Las versiones 4.0.4.2981 y 5.0.0.117 contienen correcciones para este problema. No se conocen workarounds disponibles."
}
],
"id": "CVE-2023-41038",
"lastModified": "2025-12-03T20:03:05.223",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2024-03-20T15:15:07.290",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://firebirdsql.org/en/snapshot-builds"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6fv8-8rwr-9692"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://firebirdsql.org/en/snapshot-builds"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6fv8-8rwr-9692"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2017-11509
Vulnerability from fkie_nvd - Published: 2018-03-28 17:29 - Updated: 2024-11-21 03:07
Severity ?
Summary
An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| firebirdsql | firebird | 2.5.7 | |
| firebirdsql | firebird | 3.0.2 | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:firebirdsql:firebird:2.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "13393620-4886-4BDC-A4F7-582939A1E13B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:firebirdsql:firebird:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F40DAE39-D9A9-4753-A9E4-DFADBBA75B23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement."
},
{
"lang": "es",
"value": "Un atacante remoto autenticado puede ejecutar c\u00f3digo arbitrario en Firebird SQL Server, versiones 2.5.7 y 3.0.2, ejecutando una instrucci\u00f3n SQL mal formada."
}
],
"id": "CVE-2017-11509",
"lastModified": "2024-11-21T03:07:54.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-28T17:29:00.210",
"references": [
{
"source": "vulnreport@tenable.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00005.html"
},
{
"source": "vulnreport@tenable.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00036.html"
},
{
"source": "vulnreport@tenable.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00018.html"
},
{
"source": "vulnreport@tenable.com",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2017-36"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00036.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2017-36"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}