Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
92 vulnerabilities found for firebird by firebirdsql
CVE-2026-40342 (GCVE-0-2026-40342)
Vulnerability from nvd – Published: 2026-04-17 19:22 – Updated: 2026-04-22 13:56
VLAI?
Title
Firebird: Path Traversal + Arbitrary File Write Leads to Remote Code Execution
Summary
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates a user-supplied engine name into a filesystem path without filtering path separators or .. components. An authenticated user with CREATE FUNCTION privileges can use a crafted ENGINE name to load an arbitrary shared library from anywhere on the filesystem via path traversal. The library's initialization code executes immediately during loading, before Firebird validates the module, achieving code execution as the server's OS account. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
Severity ?
10 (Critical)
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
< 3.0.14
Affected: >= 4.0.0, < 4.0.7 Affected: >= 5.0.0, < 5.0.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40342",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-22T03:55:33.795186Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T13:56:49.927Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003c 3.0.14"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.7"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates a user-supplied engine name into a filesystem path without filtering path separators or .. components. An authenticated user with CREATE FUNCTION privileges can use a crafted ENGINE name to load an arbitrary shared library from anywhere on the filesystem via path traversal. The library\u0027s initialization code executes immediately during loading, before Firebird validates the module, achieving code execution as the server\u0027s OS account. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73: External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T19:22:46.644Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7pxc-h3rv-r257",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7pxc-h3rv-r257"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"
}
],
"source": {
"advisory": "GHSA-7pxc-h3rv-r257",
"discovery": "UNKNOWN"
},
"title": "Firebird: Path Traversal + Arbitrary File Write Leads to Remote Code Execution"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-40342",
"datePublished": "2026-04-17T19:22:46.644Z",
"dateReserved": "2026-04-10T22:50:01.358Z",
"dateUpdated": "2026-04-22T13:56:49.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-35215 (GCVE-0-2026-35215)
Vulnerability from nvd – Published: 2026-04-17 18:59 – Updated: 2026-04-20 15:40
VLAI?
Title
Firebird: DoS via malicious slice descriptor in slice packet
Summary
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdl_desc() function does not validate the length of a decoded SDL descriptor from a slice packet. A zero-length descriptor is later used to calculate the number of slice items, causing a division by zero. An unauthenticated attacker can exploit this by sending a crafted slice packet to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
Severity ?
7.5 (High)
CWE
- CWE-369 - Divide By Zero
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
>= 3.0.0, < 3.0.14
Affected: >= 4.0.0, < 4.0.7 Affected: >= 5.0.0, < 5.0.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-35215",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-20T15:40:04.996968Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T15:40:39.510Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.14"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.7"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdl_desc() function does not validate the length of a decoded SDL descriptor from a slice packet. A zero-length descriptor is later used to calculate the number of slice items, causing a division by zero. An unauthenticated attacker can exploit this by sending a crafted slice packet to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369: Divide By Zero",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T18:59:23.663Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-g99w-prq5-29c6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-g99w-prq5-29c6"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"
}
],
"source": {
"advisory": "GHSA-g99w-prq5-29c6",
"discovery": "UNKNOWN"
},
"title": "Firebird: DoS via malicious slice descriptor in slice packet"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-35215",
"datePublished": "2026-04-17T18:59:23.663Z",
"dateReserved": "2026-04-01T18:48:58.937Z",
"dateUpdated": "2026-04-20T15:40:39.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-34232 (GCVE-0-2026-34232)
Vulnerability from nvd – Published: 2026-04-17 18:52 – Updated: 2026-04-20 13:46
VLAI?
Title
Firebird: DoS via `op_response` packet from client
Summary
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the xdr_status_vector() function does not handle the isc_arg_cstring type when decoding an op_response packet, causing a server crash when one is encountered in the status vector. An unauthenticated attacker can exploit this by sending a crafted op_response packet to the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
Severity ?
7.5 (High)
CWE
- CWE-228 - Improper Handling of Syntactically Invalid Structure
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
>= 3.0.0, < 3.0.14
Affected: >= 4.0.0, < 4.0.7 Affected: >= 5.0.0, < 5.0.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-34232",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-20T13:42:40.302937Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T13:46:08.507Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.14"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.7"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the xdr_status_vector() function does not handle the isc_arg_cstring type when decoding an op_response packet, causing a server crash when one is encountered in the status vector. An unauthenticated attacker can exploit this by sending a crafted op_response packet to the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-228",
"description": "CWE-228: Improper Handling of Syntactically Invalid Structure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T18:52:11.693Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7jq3-6j3c-5cm2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7jq3-6j3c-5cm2"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"
}
],
"source": {
"advisory": "GHSA-7jq3-6j3c-5cm2",
"discovery": "UNKNOWN"
},
"title": "Firebird: DoS via `op_response` packet from client"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-34232",
"datePublished": "2026-04-17T18:52:11.693Z",
"dateReserved": "2026-03-26T16:22:29.034Z",
"dateUpdated": "2026-04-20T13:46:08.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33337 (GCVE-0-2026-33337)
Vulnerability from nvd – Published: 2026-04-17 18:48 – Updated: 2026-04-17 19:21
VLAI?
Title
Firebird has a buffer overflow when parsing corrupted slice packets
Summary
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdr_datum() function does not validate that a cstring length conforms to the slice descriptor bounds, allowing a cstring longer than the allocated buffer to overflow it. An unauthenticated attacker can exploit this by sending a crafted packet to the server, potentially causing a crash or other security impact. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
Severity ?
7.5 (High)
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
>= 3.0.0, < 3.0.14
Affected: >= 4.0.0, < 4.0.7 Affected: >= 5.0.0, < 5.0.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33337",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-17T19:21:08.979325Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T19:21:17.132Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.14"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.7"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdr_datum() function does not validate that a cstring length conforms to the slice descriptor bounds, allowing a cstring longer than the allocated buffer to overflow it. An unauthenticated attacker can exploit this by sending a crafted packet to the server, potentially causing a crash or other security impact. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T18:48:47.953Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-89mq-229g-x47p",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-89mq-229g-x47p"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"
}
],
"source": {
"advisory": "GHSA-89mq-229g-x47p",
"discovery": "UNKNOWN"
},
"title": "Firebird has a buffer overflow when parsing corrupted slice packets"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33337",
"datePublished": "2026-04-17T18:48:47.953Z",
"dateReserved": "2026-03-18T22:15:11.812Z",
"dateUpdated": "2026-04-17T19:21:17.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28224 (GCVE-0-2026-28224)
Vulnerability from nvd – Published: 2026-04-17 18:38 – Updated: 2026-04-17 19:31
VLAI?
Title
Firebird Null Pointer Dereference via CryptCallback causes DOS
Summary
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an op_crypt_key_callback packet without prior authentication, the port_server_crypt_callback handler is not initialized, resulting in a null pointer dereference and server crash. An unauthenticated attacker who knows only the server's IP and port can exploit this to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
Severity ?
8.2 (High)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
>= 3.0.0, < 3.0.14
Affected: >= 4.0.0, < 4.0.7 Affected: >= 5.0.0, < 5.0.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28224",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-17T19:31:35.290539Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T19:31:38.952Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-xrcw-wpjx-pr95"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.14"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.7"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an op_crypt_key_callback packet without prior authentication, the port_server_crypt_callback handler is not initialized, resulting in a null pointer dereference and server crash. An unauthenticated attacker who knows only the server\u0027s IP and port can exploit this to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T18:38:58.138Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-xrcw-wpjx-pr95",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-xrcw-wpjx-pr95"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"
}
],
"source": {
"advisory": "GHSA-xrcw-wpjx-pr95",
"discovery": "UNKNOWN"
},
"title": "Firebird Null Pointer Dereference via CryptCallback causes DOS"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28224",
"datePublished": "2026-04-17T18:38:58.138Z",
"dateReserved": "2026-02-25T15:28:40.650Z",
"dateUpdated": "2026-04-17T19:31:38.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28214 (GCVE-0-2026-28214)
Vulnerability from nvd – Published: 2026-04-17 18:35 – Updated: 2026-04-20 13:46
VLAI?
Title
Firebird server hangs when using specific clumplet on batch creation
Summary
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the ClumpletReader::getClumpletSize() function can overflow the totalLength value when parsing a Wide type clumplet, causing an infinite loop. An authenticated user with INSERT privileges on any table can exploit this via a crafted Batch Parameter Block to cause a denial of service against the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
Severity ?
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
>= 3.0.0, < 3.0.14
Affected: >= 4.0.0, < 4.0.7 Affected: >= 5.0.0, < 5.0.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28214",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-20T13:41:09.298737Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T13:46:08.635Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.14"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.7"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the ClumpletReader::getClumpletSize() function can overflow the totalLength value when parsing a Wide type clumplet, causing an infinite loop. An authenticated user with INSERT privileges on any table can exploit this via a crafted Batch Parameter Block to cause a denial of service against the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T18:35:46.974Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7cq5-994r-jhrf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7cq5-994r-jhrf"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"
}
],
"source": {
"advisory": "GHSA-7cq5-994r-jhrf",
"discovery": "UNKNOWN"
},
"title": "Firebird server hangs when using specific clumplet on batch creation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28214",
"datePublished": "2026-04-17T18:35:46.974Z",
"dateReserved": "2026-02-25T15:28:40.649Z",
"dateUpdated": "2026-04-20T13:46:08.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28212 (GCVE-0-2026-28212)
Vulnerability from nvd – Published: 2026-04-17 18:05 – Updated: 2026-04-20 13:46
VLAI?
Title
Firebird has potential server crash via null pointer dereference when processing op_slice packet
Summary
Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an op_slice network packet, the server passes an unprepared structure containing a null pointer to the SDL_info() function, resulting in a null pointer dereference and server crash. An unauthenticated attacker can trigger this by sending a crafted packet to the server port. This issue has been fixed in versions 6.0.0, 5.0.4, 4.0.7 and 3.0.14.
Severity ?
7.5 (High)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
< 3.0.14
Affected: >= 4.0.0, < 4.0.7 Affected: >= 5.0.0, < 5.0.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28212",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-20T13:44:29.423772Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T13:46:08.904Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003c 3.0.14"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.7"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an op_slice network packet, the server passes an unprepared structure containing a null pointer to the SDL_info() function, resulting in a null pointer dereference and server crash. An unauthenticated attacker can trigger this by sending a crafted packet to the server port. This issue has been fixed in versions 6.0.0, 5.0.4, 4.0.7 and 3.0.14."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T18:10:29.394Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-9884-9qm3-hqch",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-9884-9qm3-hqch"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"
}
],
"source": {
"advisory": "GHSA-9884-9qm3-hqch",
"discovery": "UNKNOWN"
},
"title": "Firebird has potential server crash via null pointer dereference when processing op_slice packet"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28212",
"datePublished": "2026-04-17T18:05:25.854Z",
"dateReserved": "2026-02-25T15:28:40.649Z",
"dateUpdated": "2026-04-20T13:46:08.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27890 (GCVE-0-2026-27890)
Vulnerability from nvd – Published: 2026-04-17 18:14 – Updated: 2026-04-17 18:50
VLAI?
Title
Firebird has Pre-Auth DOS when Processing Out of Order CNCT_specific_data Segments
Summary
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCT_specific_data segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class's grow() method computes a negative size value, causing a SIGSEGV crash. An unauthenticated attacker who knows only the server's IP and port can exploit this to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
Severity ?
8.2 (High)
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
>= 3.0.0, < 3.0.14
Affected: >= 4.0.0, < 4.0.7 Affected: >= 5.0.0, < 5.0.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27890",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-17T18:50:13.916401Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T18:50:22.134Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.14"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.7"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCT_specific_data segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class\u0027s grow() method computes a negative size value, causing a SIGSEGV crash. An unauthenticated attacker who knows only the server\u0027s IP and port can exploit this to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T18:36:11.924Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6crx-4g37-7j49",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6crx-4g37-7j49"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"
}
],
"source": {
"advisory": "GHSA-6crx-4g37-7j49",
"discovery": "UNKNOWN"
},
"title": "Firebird has Pre-Auth DOS when Processing Out of Order CNCT_specific_data Segments"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27890",
"datePublished": "2026-04-17T18:14:29.433Z",
"dateReserved": "2026-02-24T15:19:29.716Z",
"dateUpdated": "2026-04-17T18:50:22.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-65104 (GCVE-0-2025-65104)
Vulnerability from nvd – Published: 2026-04-17 17:47 – Updated: 2026-04-17 18:25
VLAI?
Title
Firebird: Information leak vulnerability in firebird3 client when used with newer server
Summary
Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by upgrading to the FB4 client or higher.
Severity ?
7.9 (High)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
< 4.0.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-65104",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-17T18:25:02.873225Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T18:25:11.941Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003c 4.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by upgrading to the FB4 client or higher."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T17:47:42.109Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-mfpr-9886-xjhg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-mfpr-9886-xjhg"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.0"
}
],
"source": {
"advisory": "GHSA-mfpr-9886-xjhg",
"discovery": "UNKNOWN"
},
"title": "Firebird: Information leak vulnerability in firebird3 client when used with newer server"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-65104",
"datePublished": "2026-04-17T17:47:42.109Z",
"dateReserved": "2025-11-17T20:55:34.693Z",
"dateUpdated": "2026-04-17T18:25:11.941Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54989 (GCVE-0-2025-54989)
Vulnerability from nvd – Published: 2025-08-15 15:04 – Updated: 2025-11-03 18:13
VLAI?
Title
Firebird XDR Message Parsing NULL Pointer Dereference Denial-of-Service Vulnerability
Summary
Firebird is a relational database. Prior to versions 3.0.13, 4.0.6, and 5.0.3, there is an XDR message parsing NULL pointer dereference denial-of-service vulnerability in Firebird. This specific flaw exists within the parsing of xdr message from client. It leads to NULL pointer dereference and DoS. This issue has been patched in versions 3.0.13, 4.0.6, and 5.0.3.
Severity ?
5.3 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
< 3.0.13
Affected: < 4.0.6 Affected: < 5.0.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54989",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-15T19:08:23.768876Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T19:08:38.587Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:13:39.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003c 3.0.13"
},
{
"status": "affected",
"version": "\u003c 4.0.6"
},
{
"status": "affected",
"version": "\u003c 5.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is a relational database. Prior to versions 3.0.13, 4.0.6, and 5.0.3, there is an XDR message parsing NULL pointer dereference denial-of-service vulnerability in Firebird. This specific flaw exists within the parsing of xdr message from client. It leads to NULL pointer dereference and DoS. This issue has been patched in versions 3.0.13, 4.0.6, and 5.0.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T15:04:19.097Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7qp6-hqxj-pjjp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7qp6-hqxj-pjjp"
},
{
"name": "https://github.com/FirebirdSQL/firebird/issues/8554",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/issues/8554"
},
{
"name": "https://github.com/FirebirdSQL/firebird/commit/169da595f8693fc1a65a79c741724b1bc8db9f25",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/commit/169da595f8693fc1a65a79c741724b1bc8db9f25"
}
],
"source": {
"advisory": "GHSA-7qp6-hqxj-pjjp",
"discovery": "UNKNOWN"
},
"title": "Firebird XDR Message Parsing NULL Pointer Dereference Denial-of-Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-54989",
"datePublished": "2025-08-15T15:04:19.097Z",
"dateReserved": "2025-08-04T17:34:24.419Z",
"dateUpdated": "2025-11-03T18:13:39.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-24975 (GCVE-0-2025-24975)
Vulnerability from nvd – Published: 2025-08-15 15:11 – Updated: 2025-08-20 19:50
VLAI?
Title
Firebird Non-Authorized Access to Encrypted Database Using Execute Statement on External
Summary
Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. If connections stored in ExtConnPool are not verified for presence and suitability of the CryptCallback interface is used when created versus what is available could result in a segfault in the server process. Encrypted databases, accessed by execute statement on external, may be accessed later by an attachment missing a key to that database. In a case when execute statement are chained, segfault may happen. Additionally, the segfault may affect unencrypted databases. This issue has been patched in snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609 and point releases 4.0.6 and 5.0.2. A workaround for this issue involves setting ExtConnPoolSize equal to 0 in firebird.conf.
Severity ?
7.1 (High)
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
< 6.0.0.609
Affected: < 5.0.2.1610 Affected: < 4.0.6.3183 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24975",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-15T19:09:49.364643Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T19:09:59.992Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-08-20T19:50:53.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-24975-detect-vulnerable-firebird"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-24975-mitigate-firebird-vulnerability"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003c 6.0.0.609"
},
{
"status": "affected",
"version": "\u003c 5.0.2.1610"
},
{
"status": "affected",
"version": "\u003c 4.0.6.3183"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. If connections stored in ExtConnPool are not verified for presence and suitability of the CryptCallback interface is used when created versus what is available could result in a segfault in the server process. Encrypted databases, accessed by execute statement on external, may be accessed later by an attachment missing a key to that database. In a case when execute statement are chained, segfault may happen. Additionally, the segfault may affect unencrypted databases. This issue has been patched in snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609 and point releases 4.0.6 and 5.0.2. A workaround for this issue involves setting ExtConnPoolSize equal to 0 in firebird.conf."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T15:11:29.986Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-fx9r-rj68-7p69",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-fx9r-rj68-7p69"
},
{
"name": "https://github.com/FirebirdSQL/firebird/issues/8429",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/issues/8429"
},
{
"name": "https://github.com/FirebirdSQL/firebird/commit/658abd20449f72097fbbce57e8e6ae42ff837fb6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/commit/658abd20449f72097fbbce57e8e6ae42ff837fb6"
}
],
"source": {
"advisory": "GHSA-fx9r-rj68-7p69",
"discovery": "UNKNOWN"
},
"title": "Firebird Non-Authorized Access to Encrypted Database Using Execute Statement on External"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-24975",
"datePublished": "2025-08-15T15:11:29.986Z",
"dateReserved": "2025-01-29T15:18:03.211Z",
"dateUpdated": "2025-08-20T19:50:53.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41038 (GCVE-0-2023-41038)
Vulnerability from nvd – Published: 2024-03-20 14:22 – Updated: 2024-08-13 16:44
VLAI?
Title
Server crash when using specific form of SET BIND statement
Summary
Firebird is a relational database. Versions 4.0.0 through 4.0.3 and version 5.0 beta1 are vulnerable to a server crash when a user uses a specific form of SET BIND statement. Any non-privileged user with minimum access to a server may type a statement with a long `CHAR` length, which causes the server to crash due to stack corruption. Versions 4.0.4.2981 and 5.0.0.117 contain fixes for this issue. No known workarounds are available.
Severity ?
7.5 (High)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
>= 4.0.0, < 4.0.4.2981
Affected: >= 5.0 beta1, < 5.0.0.1176 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:46:11.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6fv8-8rwr-9692",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6fv8-8rwr-9692"
},
{
"name": "https://firebirdsql.org/en/snapshot-builds",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://firebirdsql.org/en/snapshot-builds"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "firebird",
"vendor": "firebirdsql",
"versions": [
{
"lessThan": "4.0.4.2981",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
},
{
"lessThan": "5.0.0.1176",
"status": "affected",
"version": "5.0_beta1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41038",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-20T19:37:40.792401Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T16:44:27.739Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.4.2981"
},
{
"status": "affected",
"version": "\u003e= 5.0 beta1, \u003c 5.0.0.1176"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is a relational database. Versions 4.0.0 through 4.0.3 and version 5.0 beta1 are vulnerable to a server crash when a user uses a specific form of SET BIND statement. Any non-privileged user with minimum access to a server may type a statement with a long `CHAR` length, which causes the server to crash due to stack corruption. Versions 4.0.4.2981 and 5.0.0.117 contain fixes for this issue. No known workarounds are available."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-20T14:22:50.484Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6fv8-8rwr-9692",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6fv8-8rwr-9692"
},
{
"name": "https://firebirdsql.org/en/snapshot-builds",
"tags": [
"x_refsource_MISC"
],
"url": "https://firebirdsql.org/en/snapshot-builds"
}
],
"source": {
"advisory": "GHSA-6fv8-8rwr-9692",
"discovery": "UNKNOWN"
},
"title": "Server crash when using specific form of SET BIND statement"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-41038",
"datePublished": "2024-03-20T14:22:50.484Z",
"dateReserved": "2023-08-22T16:57:23.932Z",
"dateUpdated": "2024-08-13T16:44:27.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-11509 (GCVE-0-2017-11509)
Vulnerability from nvd – Published: 2018-03-28 17:00 – Updated: 2024-09-16 22:24
VLAI?
Summary
An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement.
Severity ?
No CVSS data available.
CWE
- Authenticated Remote Code Execution
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Firebird Foundation | Firebird SQL Server |
Affected:
2.5.7
Affected: 3.0.2 |
Date Public ?
2017-11-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:12:40.152Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20180511 [SECURITY] [DLA 1374-1] firebird2.5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00005.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2017-36"
},
{
"name": "[debian-lts-announce] 20200229 [SECURITY] [DLA 2129-1] firebird2.5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00036.html"
},
{
"name": "[debian-lts-announce] 20211120 [SECURITY] [DLA 2824-1] firebird3.0 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00018.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firebird SQL Server",
"vendor": "Firebird Foundation",
"versions": [
{
"status": "affected",
"version": "2.5.7"
},
{
"status": "affected",
"version": "3.0.2"
}
]
}
],
"datePublic": "2017-11-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authenticated Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-20T13:06:10.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"name": "[debian-lts-announce] 20180511 [SECURITY] [DLA 1374-1] firebird2.5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00005.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2017-36"
},
{
"name": "[debian-lts-announce] 20200229 [SECURITY] [DLA 2129-1] firebird2.5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00036.html"
},
{
"name": "[debian-lts-announce] 20211120 [SECURITY] [DLA 2824-1] firebird3.0 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00018.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC": "2017-11-21T00:00:00",
"ID": "CVE-2017-11509",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firebird SQL Server",
"version": {
"version_data": [
{
"version_value": "2.5.7"
},
{
"version_value": "3.0.2"
}
]
}
}
]
},
"vendor_name": "Firebird Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authenticated Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180511 [SECURITY] [DLA 1374-1] firebird2.5 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00005.html"
},
{
"name": "https://www.tenable.com/security/research/tra-2017-36",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2017-36"
},
{
"name": "[debian-lts-announce] 20200229 [SECURITY] [DLA 2129-1] firebird2.5 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00036.html"
},
{
"name": "[debian-lts-announce] 20211120 [SECURITY] [DLA 2824-1] firebird3.0 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00018.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2017-11509",
"datePublished": "2018-03-28T17:00:00.000Z",
"dateReserved": "2017-07-21T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:24:43.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6369 (GCVE-0-2017-6369)
Vulnerability from nvd – Published: 2017-03-24 10:00 – Updated: 2024-08-05 15:25
VLAI?
Summary
Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a 'system' entrypoint from fbudf.so.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2017-03-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:49.245Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3824",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3824"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tracker.firebirdsql.org/browse/CORE-5474"
},
{
"name": "97070",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97070"
},
{
"name": "USN-3929-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3929-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a \u0027system\u0027 entrypoint from fbudf.so."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-02T16:06:13.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-3824",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3824"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tracker.firebirdsql.org/browse/CORE-5474"
},
{
"name": "97070",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97070"
},
{
"name": "USN-3929-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3929-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6369",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a \u0027system\u0027 entrypoint from fbudf.so."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3824",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3824"
},
{
"name": "http://tracker.firebirdsql.org/browse/CORE-5474",
"refsource": "CONFIRM",
"url": "http://tracker.firebirdsql.org/browse/CORE-5474"
},
{
"name": "97070",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97070"
},
{
"name": "USN-3929-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3929-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6369",
"datePublished": "2017-03-24T10:00:00.000Z",
"dateReserved": "2017-02-28T00:00:00.000Z",
"dateUpdated": "2024-08-05T15:25:49.245Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1569 (GCVE-0-2016-1569)
Vulnerability from nvd – Published: 2016-01-13 15:00 – Updated: 2024-08-05 23:02
VLAI?
Summary
FireBird 2.5.5 allows remote authenticated users to cause a denial of service (daemon crash) by using service manager to invoke the gbak utility with an invalid parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Date Public ?
2016-01-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:02:11.750Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160110 CVE Request: FireBird RDBMS: authenticated clients crash FireBird when running gbak with invalid parameter",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/10/2"
},
{
"name": "[oss-security] 20160110 Re: CVE Request: FireBird RDBMS: authenticated clients crash FireBird when running gbak with invalid parameter",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/10/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tracker.firebirdsql.org/browse/CORE-5068"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/p/firebird/code/62783/"
},
{
"name": "FEDORA-2016-bec6b9c395",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177119.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "FireBird 2.5.5 allows remote authenticated users to cause a denial of service (daemon crash) by using service manager to invoke the gbak utility with an invalid parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-02T20:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "[oss-security] 20160110 CVE Request: FireBird RDBMS: authenticated clients crash FireBird when running gbak with invalid parameter",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/10/2"
},
{
"name": "[oss-security] 20160110 Re: CVE Request: FireBird RDBMS: authenticated clients crash FireBird when running gbak with invalid parameter",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/10/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tracker.firebirdsql.org/browse/CORE-5068"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/p/firebird/code/62783/"
},
{
"name": "FEDORA-2016-bec6b9c395",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177119.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2016-1569",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FireBird 2.5.5 allows remote authenticated users to cause a denial of service (daemon crash) by using service manager to invoke the gbak utility with an invalid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160110 CVE Request: FireBird RDBMS: authenticated clients crash FireBird when running gbak with invalid parameter",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/10/2"
},
{
"name": "[oss-security] 20160110 Re: CVE Request: FireBird RDBMS: authenticated clients crash FireBird when running gbak with invalid parameter",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/10/3"
},
{
"name": "http://tracker.firebirdsql.org/browse/CORE-5068",
"refsource": "CONFIRM",
"url": "http://tracker.firebirdsql.org/browse/CORE-5068"
},
{
"name": "http://sourceforge.net/p/firebird/code/62783/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/firebird/code/62783/"
},
{
"name": "FEDORA-2016-bec6b9c395",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177119.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2016-1569",
"datePublished": "2016-01-13T15:00:00.000Z",
"dateReserved": "2016-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:02:11.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-40342 (GCVE-0-2026-40342)
Vulnerability from cvelistv5 – Published: 2026-04-17 19:22 – Updated: 2026-04-22 13:56
VLAI?
Title
Firebird: Path Traversal + Arbitrary File Write Leads to Remote Code Execution
Summary
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates a user-supplied engine name into a filesystem path without filtering path separators or .. components. An authenticated user with CREATE FUNCTION privileges can use a crafted ENGINE name to load an arbitrary shared library from anywhere on the filesystem via path traversal. The library's initialization code executes immediately during loading, before Firebird validates the module, achieving code execution as the server's OS account. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
Severity ?
10 (Critical)
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
< 3.0.14
Affected: >= 4.0.0, < 4.0.7 Affected: >= 5.0.0, < 5.0.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40342",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-22T03:55:33.795186Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T13:56:49.927Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003c 3.0.14"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.7"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates a user-supplied engine name into a filesystem path without filtering path separators or .. components. An authenticated user with CREATE FUNCTION privileges can use a crafted ENGINE name to load an arbitrary shared library from anywhere on the filesystem via path traversal. The library\u0027s initialization code executes immediately during loading, before Firebird validates the module, achieving code execution as the server\u0027s OS account. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73: External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T19:22:46.644Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7pxc-h3rv-r257",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7pxc-h3rv-r257"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"
}
],
"source": {
"advisory": "GHSA-7pxc-h3rv-r257",
"discovery": "UNKNOWN"
},
"title": "Firebird: Path Traversal + Arbitrary File Write Leads to Remote Code Execution"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-40342",
"datePublished": "2026-04-17T19:22:46.644Z",
"dateReserved": "2026-04-10T22:50:01.358Z",
"dateUpdated": "2026-04-22T13:56:49.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-35215 (GCVE-0-2026-35215)
Vulnerability from cvelistv5 – Published: 2026-04-17 18:59 – Updated: 2026-04-20 15:40
VLAI?
Title
Firebird: DoS via malicious slice descriptor in slice packet
Summary
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdl_desc() function does not validate the length of a decoded SDL descriptor from a slice packet. A zero-length descriptor is later used to calculate the number of slice items, causing a division by zero. An unauthenticated attacker can exploit this by sending a crafted slice packet to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
Severity ?
7.5 (High)
CWE
- CWE-369 - Divide By Zero
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
>= 3.0.0, < 3.0.14
Affected: >= 4.0.0, < 4.0.7 Affected: >= 5.0.0, < 5.0.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-35215",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-20T15:40:04.996968Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T15:40:39.510Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.14"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.7"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdl_desc() function does not validate the length of a decoded SDL descriptor from a slice packet. A zero-length descriptor is later used to calculate the number of slice items, causing a division by zero. An unauthenticated attacker can exploit this by sending a crafted slice packet to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369: Divide By Zero",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T18:59:23.663Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-g99w-prq5-29c6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-g99w-prq5-29c6"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"
}
],
"source": {
"advisory": "GHSA-g99w-prq5-29c6",
"discovery": "UNKNOWN"
},
"title": "Firebird: DoS via malicious slice descriptor in slice packet"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-35215",
"datePublished": "2026-04-17T18:59:23.663Z",
"dateReserved": "2026-04-01T18:48:58.937Z",
"dateUpdated": "2026-04-20T15:40:39.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-34232 (GCVE-0-2026-34232)
Vulnerability from cvelistv5 – Published: 2026-04-17 18:52 – Updated: 2026-04-20 13:46
VLAI?
Title
Firebird: DoS via `op_response` packet from client
Summary
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the xdr_status_vector() function does not handle the isc_arg_cstring type when decoding an op_response packet, causing a server crash when one is encountered in the status vector. An unauthenticated attacker can exploit this by sending a crafted op_response packet to the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
Severity ?
7.5 (High)
CWE
- CWE-228 - Improper Handling of Syntactically Invalid Structure
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
>= 3.0.0, < 3.0.14
Affected: >= 4.0.0, < 4.0.7 Affected: >= 5.0.0, < 5.0.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-34232",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-20T13:42:40.302937Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T13:46:08.507Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.14"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.7"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the xdr_status_vector() function does not handle the isc_arg_cstring type when decoding an op_response packet, causing a server crash when one is encountered in the status vector. An unauthenticated attacker can exploit this by sending a crafted op_response packet to the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-228",
"description": "CWE-228: Improper Handling of Syntactically Invalid Structure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T18:52:11.693Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7jq3-6j3c-5cm2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7jq3-6j3c-5cm2"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"
}
],
"source": {
"advisory": "GHSA-7jq3-6j3c-5cm2",
"discovery": "UNKNOWN"
},
"title": "Firebird: DoS via `op_response` packet from client"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-34232",
"datePublished": "2026-04-17T18:52:11.693Z",
"dateReserved": "2026-03-26T16:22:29.034Z",
"dateUpdated": "2026-04-20T13:46:08.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33337 (GCVE-0-2026-33337)
Vulnerability from cvelistv5 – Published: 2026-04-17 18:48 – Updated: 2026-04-17 19:21
VLAI?
Title
Firebird has a buffer overflow when parsing corrupted slice packets
Summary
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdr_datum() function does not validate that a cstring length conforms to the slice descriptor bounds, allowing a cstring longer than the allocated buffer to overflow it. An unauthenticated attacker can exploit this by sending a crafted packet to the server, potentially causing a crash or other security impact. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
Severity ?
7.5 (High)
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
>= 3.0.0, < 3.0.14
Affected: >= 4.0.0, < 4.0.7 Affected: >= 5.0.0, < 5.0.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33337",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-17T19:21:08.979325Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T19:21:17.132Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.14"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.7"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdr_datum() function does not validate that a cstring length conforms to the slice descriptor bounds, allowing a cstring longer than the allocated buffer to overflow it. An unauthenticated attacker can exploit this by sending a crafted packet to the server, potentially causing a crash or other security impact. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T18:48:47.953Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-89mq-229g-x47p",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-89mq-229g-x47p"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"
}
],
"source": {
"advisory": "GHSA-89mq-229g-x47p",
"discovery": "UNKNOWN"
},
"title": "Firebird has a buffer overflow when parsing corrupted slice packets"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33337",
"datePublished": "2026-04-17T18:48:47.953Z",
"dateReserved": "2026-03-18T22:15:11.812Z",
"dateUpdated": "2026-04-17T19:21:17.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28224 (GCVE-0-2026-28224)
Vulnerability from cvelistv5 – Published: 2026-04-17 18:38 – Updated: 2026-04-17 19:31
VLAI?
Title
Firebird Null Pointer Dereference via CryptCallback causes DOS
Summary
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an op_crypt_key_callback packet without prior authentication, the port_server_crypt_callback handler is not initialized, resulting in a null pointer dereference and server crash. An unauthenticated attacker who knows only the server's IP and port can exploit this to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
Severity ?
8.2 (High)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
>= 3.0.0, < 3.0.14
Affected: >= 4.0.0, < 4.0.7 Affected: >= 5.0.0, < 5.0.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28224",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-17T19:31:35.290539Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T19:31:38.952Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-xrcw-wpjx-pr95"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.14"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.7"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an op_crypt_key_callback packet without prior authentication, the port_server_crypt_callback handler is not initialized, resulting in a null pointer dereference and server crash. An unauthenticated attacker who knows only the server\u0027s IP and port can exploit this to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T18:38:58.138Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-xrcw-wpjx-pr95",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-xrcw-wpjx-pr95"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"
}
],
"source": {
"advisory": "GHSA-xrcw-wpjx-pr95",
"discovery": "UNKNOWN"
},
"title": "Firebird Null Pointer Dereference via CryptCallback causes DOS"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28224",
"datePublished": "2026-04-17T18:38:58.138Z",
"dateReserved": "2026-02-25T15:28:40.650Z",
"dateUpdated": "2026-04-17T19:31:38.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28214 (GCVE-0-2026-28214)
Vulnerability from cvelistv5 – Published: 2026-04-17 18:35 – Updated: 2026-04-20 13:46
VLAI?
Title
Firebird server hangs when using specific clumplet on batch creation
Summary
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the ClumpletReader::getClumpletSize() function can overflow the totalLength value when parsing a Wide type clumplet, causing an infinite loop. An authenticated user with INSERT privileges on any table can exploit this via a crafted Batch Parameter Block to cause a denial of service against the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
Severity ?
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
>= 3.0.0, < 3.0.14
Affected: >= 4.0.0, < 4.0.7 Affected: >= 5.0.0, < 5.0.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28214",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-20T13:41:09.298737Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T13:46:08.635Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.14"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.7"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the ClumpletReader::getClumpletSize() function can overflow the totalLength value when parsing a Wide type clumplet, causing an infinite loop. An authenticated user with INSERT privileges on any table can exploit this via a crafted Batch Parameter Block to cause a denial of service against the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T18:35:46.974Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7cq5-994r-jhrf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7cq5-994r-jhrf"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"
}
],
"source": {
"advisory": "GHSA-7cq5-994r-jhrf",
"discovery": "UNKNOWN"
},
"title": "Firebird server hangs when using specific clumplet on batch creation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28214",
"datePublished": "2026-04-17T18:35:46.974Z",
"dateReserved": "2026-02-25T15:28:40.649Z",
"dateUpdated": "2026-04-20T13:46:08.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27890 (GCVE-0-2026-27890)
Vulnerability from cvelistv5 – Published: 2026-04-17 18:14 – Updated: 2026-04-17 18:50
VLAI?
Title
Firebird has Pre-Auth DOS when Processing Out of Order CNCT_specific_data Segments
Summary
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCT_specific_data segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class's grow() method computes a negative size value, causing a SIGSEGV crash. An unauthenticated attacker who knows only the server's IP and port can exploit this to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
Severity ?
8.2 (High)
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
>= 3.0.0, < 3.0.14
Affected: >= 4.0.0, < 4.0.7 Affected: >= 5.0.0, < 5.0.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27890",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-17T18:50:13.916401Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T18:50:22.134Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.14"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.7"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCT_specific_data segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class\u0027s grow() method computes a negative size value, causing a SIGSEGV crash. An unauthenticated attacker who knows only the server\u0027s IP and port can exploit this to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T18:36:11.924Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6crx-4g37-7j49",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6crx-4g37-7j49"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"
}
],
"source": {
"advisory": "GHSA-6crx-4g37-7j49",
"discovery": "UNKNOWN"
},
"title": "Firebird has Pre-Auth DOS when Processing Out of Order CNCT_specific_data Segments"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27890",
"datePublished": "2026-04-17T18:14:29.433Z",
"dateReserved": "2026-02-24T15:19:29.716Z",
"dateUpdated": "2026-04-17T18:50:22.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28212 (GCVE-0-2026-28212)
Vulnerability from cvelistv5 – Published: 2026-04-17 18:05 – Updated: 2026-04-20 13:46
VLAI?
Title
Firebird has potential server crash via null pointer dereference when processing op_slice packet
Summary
Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an op_slice network packet, the server passes an unprepared structure containing a null pointer to the SDL_info() function, resulting in a null pointer dereference and server crash. An unauthenticated attacker can trigger this by sending a crafted packet to the server port. This issue has been fixed in versions 6.0.0, 5.0.4, 4.0.7 and 3.0.14.
Severity ?
7.5 (High)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
< 3.0.14
Affected: >= 4.0.0, < 4.0.7 Affected: >= 5.0.0, < 5.0.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28212",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-20T13:44:29.423772Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T13:46:08.904Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003c 3.0.14"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.7"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an op_slice network packet, the server passes an unprepared structure containing a null pointer to the SDL_info() function, resulting in a null pointer dereference and server crash. An unauthenticated attacker can trigger this by sending a crafted packet to the server port. This issue has been fixed in versions 6.0.0, 5.0.4, 4.0.7 and 3.0.14."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T18:10:29.394Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-9884-9qm3-hqch",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-9884-9qm3-hqch"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"
}
],
"source": {
"advisory": "GHSA-9884-9qm3-hqch",
"discovery": "UNKNOWN"
},
"title": "Firebird has potential server crash via null pointer dereference when processing op_slice packet"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28212",
"datePublished": "2026-04-17T18:05:25.854Z",
"dateReserved": "2026-02-25T15:28:40.649Z",
"dateUpdated": "2026-04-20T13:46:08.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-65104 (GCVE-0-2025-65104)
Vulnerability from cvelistv5 – Published: 2026-04-17 17:47 – Updated: 2026-04-17 18:25
VLAI?
Title
Firebird: Information leak vulnerability in firebird3 client when used with newer server
Summary
Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by upgrading to the FB4 client or higher.
Severity ?
7.9 (High)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
< 4.0.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-65104",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-17T18:25:02.873225Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T18:25:11.941Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003c 4.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by upgrading to the FB4 client or higher."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T17:47:42.109Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-mfpr-9886-xjhg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-mfpr-9886-xjhg"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.0"
}
],
"source": {
"advisory": "GHSA-mfpr-9886-xjhg",
"discovery": "UNKNOWN"
},
"title": "Firebird: Information leak vulnerability in firebird3 client when used with newer server"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-65104",
"datePublished": "2026-04-17T17:47:42.109Z",
"dateReserved": "2025-11-17T20:55:34.693Z",
"dateUpdated": "2026-04-17T18:25:11.941Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-24975 (GCVE-0-2025-24975)
Vulnerability from cvelistv5 – Published: 2025-08-15 15:11 – Updated: 2025-08-20 19:50
VLAI?
Title
Firebird Non-Authorized Access to Encrypted Database Using Execute Statement on External
Summary
Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. If connections stored in ExtConnPool are not verified for presence and suitability of the CryptCallback interface is used when created versus what is available could result in a segfault in the server process. Encrypted databases, accessed by execute statement on external, may be accessed later by an attachment missing a key to that database. In a case when execute statement are chained, segfault may happen. Additionally, the segfault may affect unencrypted databases. This issue has been patched in snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609 and point releases 4.0.6 and 5.0.2. A workaround for this issue involves setting ExtConnPoolSize equal to 0 in firebird.conf.
Severity ?
7.1 (High)
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
< 6.0.0.609
Affected: < 5.0.2.1610 Affected: < 4.0.6.3183 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24975",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-15T19:09:49.364643Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T19:09:59.992Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-08-20T19:50:53.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-24975-detect-vulnerable-firebird"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-24975-mitigate-firebird-vulnerability"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003c 6.0.0.609"
},
{
"status": "affected",
"version": "\u003c 5.0.2.1610"
},
{
"status": "affected",
"version": "\u003c 4.0.6.3183"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. If connections stored in ExtConnPool are not verified for presence and suitability of the CryptCallback interface is used when created versus what is available could result in a segfault in the server process. Encrypted databases, accessed by execute statement on external, may be accessed later by an attachment missing a key to that database. In a case when execute statement are chained, segfault may happen. Additionally, the segfault may affect unencrypted databases. This issue has been patched in snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609 and point releases 4.0.6 and 5.0.2. A workaround for this issue involves setting ExtConnPoolSize equal to 0 in firebird.conf."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T15:11:29.986Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-fx9r-rj68-7p69",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-fx9r-rj68-7p69"
},
{
"name": "https://github.com/FirebirdSQL/firebird/issues/8429",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/issues/8429"
},
{
"name": "https://github.com/FirebirdSQL/firebird/commit/658abd20449f72097fbbce57e8e6ae42ff837fb6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/commit/658abd20449f72097fbbce57e8e6ae42ff837fb6"
}
],
"source": {
"advisory": "GHSA-fx9r-rj68-7p69",
"discovery": "UNKNOWN"
},
"title": "Firebird Non-Authorized Access to Encrypted Database Using Execute Statement on External"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-24975",
"datePublished": "2025-08-15T15:11:29.986Z",
"dateReserved": "2025-01-29T15:18:03.211Z",
"dateUpdated": "2025-08-20T19:50:53.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54989 (GCVE-0-2025-54989)
Vulnerability from cvelistv5 – Published: 2025-08-15 15:04 – Updated: 2025-11-03 18:13
VLAI?
Title
Firebird XDR Message Parsing NULL Pointer Dereference Denial-of-Service Vulnerability
Summary
Firebird is a relational database. Prior to versions 3.0.13, 4.0.6, and 5.0.3, there is an XDR message parsing NULL pointer dereference denial-of-service vulnerability in Firebird. This specific flaw exists within the parsing of xdr message from client. It leads to NULL pointer dereference and DoS. This issue has been patched in versions 3.0.13, 4.0.6, and 5.0.3.
Severity ?
5.3 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
< 3.0.13
Affected: < 4.0.6 Affected: < 5.0.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54989",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-15T19:08:23.768876Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T19:08:38.587Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:13:39.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003c 3.0.13"
},
{
"status": "affected",
"version": "\u003c 4.0.6"
},
{
"status": "affected",
"version": "\u003c 5.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is a relational database. Prior to versions 3.0.13, 4.0.6, and 5.0.3, there is an XDR message parsing NULL pointer dereference denial-of-service vulnerability in Firebird. This specific flaw exists within the parsing of xdr message from client. It leads to NULL pointer dereference and DoS. This issue has been patched in versions 3.0.13, 4.0.6, and 5.0.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T15:04:19.097Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7qp6-hqxj-pjjp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7qp6-hqxj-pjjp"
},
{
"name": "https://github.com/FirebirdSQL/firebird/issues/8554",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/issues/8554"
},
{
"name": "https://github.com/FirebirdSQL/firebird/commit/169da595f8693fc1a65a79c741724b1bc8db9f25",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/commit/169da595f8693fc1a65a79c741724b1bc8db9f25"
}
],
"source": {
"advisory": "GHSA-7qp6-hqxj-pjjp",
"discovery": "UNKNOWN"
},
"title": "Firebird XDR Message Parsing NULL Pointer Dereference Denial-of-Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-54989",
"datePublished": "2025-08-15T15:04:19.097Z",
"dateReserved": "2025-08-04T17:34:24.419Z",
"dateUpdated": "2025-11-03T18:13:39.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-41038 (GCVE-0-2023-41038)
Vulnerability from cvelistv5 – Published: 2024-03-20 14:22 – Updated: 2024-08-13 16:44
VLAI?
Title
Server crash when using specific form of SET BIND statement
Summary
Firebird is a relational database. Versions 4.0.0 through 4.0.3 and version 5.0 beta1 are vulnerable to a server crash when a user uses a specific form of SET BIND statement. Any non-privileged user with minimum access to a server may type a statement with a long `CHAR` length, which causes the server to crash due to stack corruption. Versions 4.0.4.2981 and 5.0.0.117 contain fixes for this issue. No known workarounds are available.
Severity ?
7.5 (High)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
>= 4.0.0, < 4.0.4.2981
Affected: >= 5.0 beta1, < 5.0.0.1176 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:46:11.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6fv8-8rwr-9692",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6fv8-8rwr-9692"
},
{
"name": "https://firebirdsql.org/en/snapshot-builds",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://firebirdsql.org/en/snapshot-builds"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "firebird",
"vendor": "firebirdsql",
"versions": [
{
"lessThan": "4.0.4.2981",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
},
{
"lessThan": "5.0.0.1176",
"status": "affected",
"version": "5.0_beta1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41038",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-20T19:37:40.792401Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T16:44:27.739Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.4.2981"
},
{
"status": "affected",
"version": "\u003e= 5.0 beta1, \u003c 5.0.0.1176"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is a relational database. Versions 4.0.0 through 4.0.3 and version 5.0 beta1 are vulnerable to a server crash when a user uses a specific form of SET BIND statement. Any non-privileged user with minimum access to a server may type a statement with a long `CHAR` length, which causes the server to crash due to stack corruption. Versions 4.0.4.2981 and 5.0.0.117 contain fixes for this issue. No known workarounds are available."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-20T14:22:50.484Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6fv8-8rwr-9692",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6fv8-8rwr-9692"
},
{
"name": "https://firebirdsql.org/en/snapshot-builds",
"tags": [
"x_refsource_MISC"
],
"url": "https://firebirdsql.org/en/snapshot-builds"
}
],
"source": {
"advisory": "GHSA-6fv8-8rwr-9692",
"discovery": "UNKNOWN"
},
"title": "Server crash when using specific form of SET BIND statement"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-41038",
"datePublished": "2024-03-20T14:22:50.484Z",
"dateReserved": "2023-08-22T16:57:23.932Z",
"dateUpdated": "2024-08-13T16:44:27.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-11509 (GCVE-0-2017-11509)
Vulnerability from cvelistv5 – Published: 2018-03-28 17:00 – Updated: 2024-09-16 22:24
VLAI?
Summary
An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement.
Severity ?
No CVSS data available.
CWE
- Authenticated Remote Code Execution
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Firebird Foundation | Firebird SQL Server |
Affected:
2.5.7
Affected: 3.0.2 |
Date Public ?
2017-11-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:12:40.152Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20180511 [SECURITY] [DLA 1374-1] firebird2.5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00005.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2017-36"
},
{
"name": "[debian-lts-announce] 20200229 [SECURITY] [DLA 2129-1] firebird2.5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00036.html"
},
{
"name": "[debian-lts-announce] 20211120 [SECURITY] [DLA 2824-1] firebird3.0 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00018.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firebird SQL Server",
"vendor": "Firebird Foundation",
"versions": [
{
"status": "affected",
"version": "2.5.7"
},
{
"status": "affected",
"version": "3.0.2"
}
]
}
],
"datePublic": "2017-11-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authenticated Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-20T13:06:10.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"name": "[debian-lts-announce] 20180511 [SECURITY] [DLA 1374-1] firebird2.5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00005.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2017-36"
},
{
"name": "[debian-lts-announce] 20200229 [SECURITY] [DLA 2129-1] firebird2.5 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00036.html"
},
{
"name": "[debian-lts-announce] 20211120 [SECURITY] [DLA 2824-1] firebird3.0 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00018.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC": "2017-11-21T00:00:00",
"ID": "CVE-2017-11509",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firebird SQL Server",
"version": {
"version_data": [
{
"version_value": "2.5.7"
},
{
"version_value": "3.0.2"
}
]
}
}
]
},
"vendor_name": "Firebird Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authenticated Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180511 [SECURITY] [DLA 1374-1] firebird2.5 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00005.html"
},
{
"name": "https://www.tenable.com/security/research/tra-2017-36",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2017-36"
},
{
"name": "[debian-lts-announce] 20200229 [SECURITY] [DLA 2129-1] firebird2.5 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00036.html"
},
{
"name": "[debian-lts-announce] 20211120 [SECURITY] [DLA 2824-1] firebird3.0 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00018.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2017-11509",
"datePublished": "2018-03-28T17:00:00.000Z",
"dateReserved": "2017-07-21T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:24:43.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6369 (GCVE-0-2017-6369)
Vulnerability from cvelistv5 – Published: 2017-03-24 10:00 – Updated: 2024-08-05 15:25
VLAI?
Summary
Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a 'system' entrypoint from fbudf.so.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2017-03-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:49.245Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3824",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3824"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tracker.firebirdsql.org/browse/CORE-5474"
},
{
"name": "97070",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97070"
},
{
"name": "USN-3929-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3929-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a \u0027system\u0027 entrypoint from fbudf.so."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-02T16:06:13.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-3824",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3824"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tracker.firebirdsql.org/browse/CORE-5474"
},
{
"name": "97070",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97070"
},
{
"name": "USN-3929-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3929-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6369",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a \u0027system\u0027 entrypoint from fbudf.so."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3824",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3824"
},
{
"name": "http://tracker.firebirdsql.org/browse/CORE-5474",
"refsource": "CONFIRM",
"url": "http://tracker.firebirdsql.org/browse/CORE-5474"
},
{
"name": "97070",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97070"
},
{
"name": "USN-3929-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3929-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6369",
"datePublished": "2017-03-24T10:00:00.000Z",
"dateReserved": "2017-02-28T00:00:00.000Z",
"dateUpdated": "2024-08-05T15:25:49.245Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1569 (GCVE-0-2016-1569)
Vulnerability from cvelistv5 – Published: 2016-01-13 15:00 – Updated: 2024-08-05 23:02
VLAI?
Summary
FireBird 2.5.5 allows remote authenticated users to cause a denial of service (daemon crash) by using service manager to invoke the gbak utility with an invalid parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Date Public ?
2016-01-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:02:11.750Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160110 CVE Request: FireBird RDBMS: authenticated clients crash FireBird when running gbak with invalid parameter",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/10/2"
},
{
"name": "[oss-security] 20160110 Re: CVE Request: FireBird RDBMS: authenticated clients crash FireBird when running gbak with invalid parameter",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/10/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tracker.firebirdsql.org/browse/CORE-5068"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/p/firebird/code/62783/"
},
{
"name": "FEDORA-2016-bec6b9c395",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177119.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "FireBird 2.5.5 allows remote authenticated users to cause a denial of service (daemon crash) by using service manager to invoke the gbak utility with an invalid parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-02T20:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "[oss-security] 20160110 CVE Request: FireBird RDBMS: authenticated clients crash FireBird when running gbak with invalid parameter",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/10/2"
},
{
"name": "[oss-security] 20160110 Re: CVE Request: FireBird RDBMS: authenticated clients crash FireBird when running gbak with invalid parameter",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/10/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tracker.firebirdsql.org/browse/CORE-5068"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/p/firebird/code/62783/"
},
{
"name": "FEDORA-2016-bec6b9c395",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177119.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2016-1569",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FireBird 2.5.5 allows remote authenticated users to cause a denial of service (daemon crash) by using service manager to invoke the gbak utility with an invalid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160110 CVE Request: FireBird RDBMS: authenticated clients crash FireBird when running gbak with invalid parameter",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/10/2"
},
{
"name": "[oss-security] 20160110 Re: CVE Request: FireBird RDBMS: authenticated clients crash FireBird when running gbak with invalid parameter",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/10/3"
},
{
"name": "http://tracker.firebirdsql.org/browse/CORE-5068",
"refsource": "CONFIRM",
"url": "http://tracker.firebirdsql.org/browse/CORE-5068"
},
{
"name": "http://sourceforge.net/p/firebird/code/62783/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/firebird/code/62783/"
},
{
"name": "FEDORA-2016-bec6b9c395",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177119.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2016-1569",
"datePublished": "2016-01-13T15:00:00.000Z",
"dateReserved": "2016-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:02:11.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}