Vulnerability-Lookup

WID-SEC-W-2026-1171

Vulnerability from csaf_certbund - Published: 2026-04-19 22:00 - Updated: 2026-05-17 22:00

Summary

Firebird: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Firebird ist ein relationales Open-Source-Datenbankmanagementsystem.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Firebird ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand zu verursachen.

Betroffene Betriebssysteme: - Linux - MacOS X - UNIX - Windows

CVE-2026-40342

Affected products

Known affected 5 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Firebird Firebird <3.0.14 Firebird / Firebird		<3.0.14
Firebird Firebird <4.0.7 Firebird / Firebird		<4.0.7
Firebird Firebird <6.0 Firebird / Firebird		<6.0
Firebird Firebird <5.0.4 Firebird / Firebird		<5.0.4

CVE-2026-28224

Affected products

Known affected 5 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Firebird Firebird <3.0.14 Firebird / Firebird		<3.0.14
Firebird Firebird <4.0.7 Firebird / Firebird		<4.0.7
Firebird Firebird <6.0 Firebird / Firebird		<6.0
Firebird Firebird <5.0.4 Firebird / Firebird		<5.0.4

Vulnerability 3

Affected products

Known affected 5 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Firebird Firebird <3.0.14 Firebird / Firebird		<3.0.14
Firebird Firebird <4.0.7 Firebird / Firebird		<4.0.7
Firebird Firebird <6.0 Firebird / Firebird		<6.0
Firebird Firebird <5.0.4 Firebird / Firebird		<5.0.4

CVE-2026-28214

Affected products

Known affected 5 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Firebird Firebird <3.0.14 Firebird / Firebird		<3.0.14
Firebird Firebird <4.0.7 Firebird / Firebird		<4.0.7
Firebird Firebird <6.0 Firebird / Firebird		<6.0
Firebird Firebird <5.0.4 Firebird / Firebird		<5.0.4

CVE-2025-65104

Affected products

Known affected 3 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Firebird Firebird Client <4.0.0 Firebird / Firebird		Client <4.0.0
Firebird Firebird Client <3.0.14 Firebird / Firebird		Client <3.0.14

CVE-2026-28212

Affected products

Known affected 5 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Firebird Firebird <3.0.14 Firebird / Firebird		<3.0.14
Firebird Firebird <4.0.7 Firebird / Firebird		<4.0.7
Firebird Firebird <6.0 Firebird / Firebird		<6.0
Firebird Firebird <5.0.4 Firebird / Firebird		<5.0.4

CVE-2026-33337

Affected products

Known affected 5 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Firebird Firebird <3.0.14 Firebird / Firebird		<3.0.14
Firebird Firebird <4.0.7 Firebird / Firebird		<4.0.7
Firebird Firebird <6.0 Firebird / Firebird		<6.0
Firebird Firebird <5.0.4 Firebird / Firebird		<5.0.4

CVE-2026-34232

Affected products

Known affected 5 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Firebird Firebird <3.0.14 Firebird / Firebird		<3.0.14
Firebird Firebird <4.0.7 Firebird / Firebird		<4.0.7
Firebird Firebird <6.0 Firebird / Firebird		<6.0
Firebird Firebird <5.0.4 Firebird / Firebird		<5.0.4

CVE-2026-35215

Affected products

Known affected 5 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Firebird Firebird <3.0.14 Firebird / Firebird		<3.0.14
Firebird Firebird <4.0.7 Firebird / Firebird		<4.0.7
Firebird Firebird <6.0 Firebird / Firebird		<6.0
Firebird Firebird <5.0.4 Firebird / Firebird		<5.0.4

References

12 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://github.com/FirebirdSQL/firebird/security/…	external
https://github.com/FirebirdSQL/firebird/security/…	external
https://github.com/FirebirdSQL/firebird/security/…	external
https://github.com/FirebirdSQL/firebird/security/…	external
https://github.com/FirebirdSQL/firebird/security/…	external
https://github.com/FirebirdSQL/firebird/security/…	external
https://github.com/FirebirdSQL/firebird/security/…	external
https://github.com/FirebirdSQL/firebird/security/…	external
https://github.com/FirebirdSQL/firebird/security/…	external
https://lists.suse.com/pipermail/sle-security-upd…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Firebird ist ein relationales Open-Source-Datenbankmanagementsystem.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Firebird ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand zu verursachen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- MacOS X\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-1171 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1171.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-1171 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1171"
      },
      {
        "category": "external",
        "summary": "Firebird GitHub vom 2026-04-19",
        "url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-xrcw-wpjx-pr95"
      },
      {
        "category": "external",
        "summary": "Firebird GitHub vom 2026-04-19",
        "url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7pxc-h3rv-r257"
      },
      {
        "category": "external",
        "summary": "Firebird GitHub vom 2026-04-19",
        "url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-89mq-229g-x47p"
      },
      {
        "category": "external",
        "summary": "Firebird GitHub vom 2026-04-19",
        "url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-g99w-prq5-29c6"
      },
      {
        "category": "external",
        "summary": "Firebird GitHub vom 2026-04-19",
        "url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7jq3-6j3c-5cm2"
      },
      {
        "category": "external",
        "summary": "Firebird GitHub vom 2026-04-19",
        "url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6crx-4g37-7j49"
      },
      {
        "category": "external",
        "summary": "Firebird GitHub vom 2026-04-19",
        "url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7cq5-994r-jhrf"
      },
      {
        "category": "external",
        "summary": "Firebird GitHub vom 2026-04-19",
        "url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-mfpr-9886-xjhg"
      },
      {
        "category": "external",
        "summary": "Firebird GitHub vom 2026-04-19",
        "url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-9884-9qm3-hqch"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1868-1 vom 2026-05-15",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026076.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Firebird: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-05-17T22:00:00.000+00:00",
      "generator": {
        "date": "2026-05-18T09:57:04.287+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-1171",
      "initial_release_date": "2026-04-19T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-04-19T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-05-17T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von SUSE aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c6.0",
                "product": {
                  "name": "Firebird Firebird \u003c6.0",
                  "product_id": "T052976"
                }
              },
              {
                "category": "product_version",
                "name": "6",
                "product": {
                  "name": "Firebird Firebird 6.0",
                  "product_id": "T052976-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:firebird:firebird:6.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c4.0.7",
                "product": {
                  "name": "Firebird Firebird \u003c4.0.7",
                  "product_id": "T052978"
                }
              },
              {
                "category": "product_version",
                "name": "4.0.7",
                "product": {
                  "name": "Firebird Firebird 4.0.7",
                  "product_id": "T052978-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:firebird:firebird:4.0.7"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c3.0.14",
                "product": {
                  "name": "Firebird Firebird \u003c3.0.14",
                  "product_id": "T052979"
                }
              },
              {
                "category": "product_version",
                "name": "3.0.14",
                "product": {
                  "name": "Firebird Firebird 3.0.14",
                  "product_id": "T052979-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:firebird:firebird:3.0.14"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Client \u003c4.0.0",
                "product": {
                  "name": "Firebird Firebird Client \u003c4.0.0",
                  "product_id": "T052980"
                }
              },
              {
                "category": "product_version",
                "name": "Client 4.0.0",
                "product": {
                  "name": "Firebird Firebird Client 4.0.0",
                  "product_id": "T052980-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:firebird:firebird:client__4.0.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Client \u003c3.0.14",
                "product": {
                  "name": "Firebird Firebird Client \u003c3.0.14",
                  "product_id": "T052981"
                }
              },
              {
                "category": "product_version",
                "name": "Client 3.0.14",
                "product": {
                  "name": "Firebird Firebird Client 3.0.14",
                  "product_id": "T052981-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:firebird:firebird:client__3.0.14"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c5.0.4",
                "product": {
                  "name": "Firebird Firebird \u003c5.0.4",
                  "product_id": "T052982"
                }
              },
              {
                "category": "product_version",
                "name": "5.0.4",
                "product": {
                  "name": "Firebird Firebird 5.0.4",
                  "product_id": "T052982-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:firebird:firebird:5.0.4"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Firebird"
          }
        ],
        "category": "vendor",
        "name": "Firebird"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-40342",
      "product_status": {
        "known_affected": [
          "T002207",
          "T052979",
          "T052978",
          "T052976",
          "T052982"
        ]
      },
      "release_date": "2026-04-19T22:00:00.000+00:00",
      "title": "CVE-2026-40342"
    },
    {
      "cve": "CVE-2026-28224",
      "product_status": {
        "known_affected": [
          "T002207",
          "T052979",
          "T052978",
          "T052976",
          "T052982"
        ]
      },
      "release_date": "2026-04-19T22:00:00.000+00:00",
      "title": "CVE-2026-28224"
    },
    {
      "product_status": {
        "known_affected": [
          "T002207",
          "T052979",
          "T052978",
          "T052976",
          "T052982"
        ]
      },
      "release_date": "2026-04-19T22:00:00.000+00:00"
    },
    {
      "cve": "CVE-2026-28214",
      "product_status": {
        "known_affected": [
          "T002207",
          "T052979",
          "T052978",
          "T052976",
          "T052982"
        ]
      },
      "release_date": "2026-04-19T22:00:00.000+00:00",
      "title": "CVE-2026-28214"
    },
    {
      "cve": "CVE-2025-65104",
      "product_status": {
        "known_affected": [
          "T002207",
          "T052980",
          "T052981"
        ]
      },
      "release_date": "2026-04-19T22:00:00.000+00:00",
      "title": "CVE-2025-65104"
    },
    {
      "cve": "CVE-2026-28212",
      "product_status": {
        "known_affected": [
          "T002207",
          "T052979",
          "T052978",
          "T052976",
          "T052982"
        ]
      },
      "release_date": "2026-04-19T22:00:00.000+00:00",
      "title": "CVE-2026-28212"
    },
    {
      "cve": "CVE-2026-33337",
      "product_status": {
        "known_affected": [
          "T002207",
          "T052979",
          "T052978",
          "T052976",
          "T052982"
        ]
      },
      "release_date": "2026-04-19T22:00:00.000+00:00",
      "title": "CVE-2026-33337"
    },
    {
      "cve": "CVE-2026-34232",
      "product_status": {
        "known_affected": [
          "T002207",
          "T052979",
          "T052978",
          "T052976",
          "T052982"
        ]
      },
      "release_date": "2026-04-19T22:00:00.000+00:00",
      "title": "CVE-2026-34232"
    },
    {
      "cve": "CVE-2026-35215",
      "product_status": {
        "known_affected": [
          "T002207",
          "T052979",
          "T052978",
          "T052976",
          "T052982"
        ]
      },
      "release_date": "2026-04-19T22:00:00.000+00:00",
      "title": "CVE-2026-35215"
    }
  ]
}

CVE-2025-65104 (GCVE-0-2025-65104)

Vulnerability from cvelistv5 – Published: 2026-04-17 17:47 – Updated: 2026-04-17 18:25

Title

Firebird: Information leak vulnerability in firebird3 client when used with newer server

Summary

Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by upgrading to the FB4 client or higher.

Severity

7.9 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/FirebirdSQL/firebird/security/…	x_refsource_CONFIRM
https://github.com/FirebirdSQL/firebird/releases/…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
FirebirdSQL	firebird	Affected: < 4.0.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-65104",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-17T18:25:02.873225Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-17T18:25:11.941Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "firebird",
          "vendor": "FirebirdSQL",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 4.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by upgrading to the FB4 client or higher."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 7.9,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-17T17:47:42.109Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-mfpr-9886-xjhg",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-mfpr-9886-xjhg"
        },
        {
          "name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.0"
        }
      ],
      "source": {
        "advisory": "GHSA-mfpr-9886-xjhg",
        "discovery": "UNKNOWN"
      },
      "title": "Firebird: Information leak vulnerability in firebird3 client when used with newer server"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-65104",
    "datePublished": "2026-04-17T17:47:42.109Z",
    "dateReserved": "2025-11-17T20:55:34.693Z",
    "dateUpdated": "2026-04-17T18:25:11.941Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-28212 (GCVE-0-2026-28212)

Vulnerability from cvelistv5 – Published: 2026-04-17 18:05 – Updated: 2026-04-20 13:46

Title

Firebird has potential server crash via null pointer dereference when processing op_slice packet

Summary

Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an op_slice network packet, the server passes an unprepared structure containing a null pointer to the SDL_info() function, resulting in a null pointer dereference and server crash. An unauthenticated attacker can trigger this by sending a crafted packet to the server port. This issue has been fixed in versions 6.0.0, 5.0.4, 4.0.7 and 3.0.14.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: poc Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-476 - NULL Pointer Dereference

Assigner

GitHub_M

References

4 references

URL	Tags
https://github.com/FirebirdSQL/firebird/security/…	x_refsource_CONFIRM
https://github.com/FirebirdSQL/firebird/releases/…	x_refsource_MISC
https://github.com/FirebirdSQL/firebird/releases/…	x_refsource_MISC
https://github.com/FirebirdSQL/firebird/releases/…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
FirebirdSQL	firebird	Affected: < 3.0.14 Affected: >= 4.0.0, < 4.0.7 Affected: >= 5.0.0, < 5.0.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-28212",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-20T13:44:29.423772Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-20T13:46:08.904Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "firebird",
          "vendor": "FirebirdSQL",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.0.14"
            },
            {
              "status": "affected",
              "version": "\u003e= 4.0.0, \u003c 4.0.7"
            },
            {
              "status": "affected",
              "version": "\u003e= 5.0.0, \u003c 5.0.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an op_slice network packet, the server passes an unprepared structure containing a null pointer to the SDL_info() function, resulting in a null pointer dereference and server crash. An unauthenticated attacker can trigger this by sending a crafted packet to the server port. This issue has been fixed in versions 6.0.0, 5.0.4, 4.0.7 and 3.0.14."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476: NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-17T18:10:29.394Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-9884-9qm3-hqch",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-9884-9qm3-hqch"
        },
        {
          "name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"
        },
        {
          "name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"
        },
        {
          "name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"
        }
      ],
      "source": {
        "advisory": "GHSA-9884-9qm3-hqch",
        "discovery": "UNKNOWN"
      },
      "title": "Firebird has potential server crash via null pointer dereference when processing op_slice packet"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-28212",
    "datePublished": "2026-04-17T18:05:25.854Z",
    "dateReserved": "2026-02-25T15:28:40.649Z",
    "dateUpdated": "2026-04-20T13:46:08.904Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-28214 (GCVE-0-2026-28214)

Vulnerability from cvelistv5 – Published: 2026-04-17 18:35 – Updated: 2026-04-20 13:46

Title

Firebird server hangs when using specific clumplet on batch creation

Summary

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the ClumpletReader::getClumpletSize() function can overflow the totalLength value when parsing a Wide type clumplet, causing an infinite loop. An authenticated user with INSERT privileges on any table can exploit this via a crafted Batch Parameter Block to cause a denial of service against the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.

Severity

6 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-190 - Integer Overflow or Wraparound
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Assigner

GitHub_M

References

4 references

URL	Tags
https://github.com/FirebirdSQL/firebird/security/…	x_refsource_CONFIRM
https://github.com/FirebirdSQL/firebird/releases/…	x_refsource_MISC
https://github.com/FirebirdSQL/firebird/releases/…	x_refsource_MISC
https://github.com/FirebirdSQL/firebird/releases/…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
FirebirdSQL	firebird	Affected: >= 3.0.0, < 3.0.14 Affected: >= 4.0.0, < 4.0.7 Affected: >= 5.0.0, < 5.0.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-28214",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-20T13:41:09.298737Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-20T13:46:08.635Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "firebird",
          "vendor": "FirebirdSQL",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 3.0.0, \u003c 3.0.14"
            },
            {
              "status": "affected",
              "version": "\u003e= 4.0.0, \u003c 4.0.7"
            },
            {
              "status": "affected",
              "version": "\u003e= 5.0.0, \u003c 5.0.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the ClumpletReader::getClumpletSize() function can overflow the totalLength value when parsing a Wide type clumplet, causing an infinite loop. An authenticated user with INSERT privileges on any table can exploit this via a crafted Batch Parameter Block to cause a denial of service against the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190: Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-835",
              "description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-17T18:35:46.974Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7cq5-994r-jhrf",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7cq5-994r-jhrf"
        },
        {
          "name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"
        },
        {
          "name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"
        },
        {
          "name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"
        }
      ],
      "source": {
        "advisory": "GHSA-7cq5-994r-jhrf",
        "discovery": "UNKNOWN"
      },
      "title": "Firebird server hangs when using specific clumplet on batch creation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-28214",
    "datePublished": "2026-04-17T18:35:46.974Z",
    "dateReserved": "2026-02-25T15:28:40.649Z",
    "dateUpdated": "2026-04-20T13:46:08.635Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-28224 (GCVE-0-2026-28224)

Vulnerability from cvelistv5 – Published: 2026-04-17 18:38 – Updated: 2026-04-17 19:31

Title

Firebird Null Pointer Dereference via CryptCallback causes DOS

Summary

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an op_crypt_key_callback packet without prior authentication, the port_server_crypt_callback handler is not initialized, resulting in a null pointer dereference and server crash. An unauthenticated attacker who knows only the server's IP and port can exploit this to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.

Severity

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

SSVC

Exploitation: poc Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-476 - NULL Pointer Dereference

Assigner

GitHub_M

References

4 references

URL	Tags
https://github.com/FirebirdSQL/firebird/security/…	x_refsource_CONFIRM
https://github.com/FirebirdSQL/firebird/releases/…	x_refsource_MISC
https://github.com/FirebirdSQL/firebird/releases/…	x_refsource_MISC
https://github.com/FirebirdSQL/firebird/releases/…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
FirebirdSQL	firebird	Affected: >= 3.0.0, < 3.0.14 Affected: >= 4.0.0, < 4.0.7 Affected: >= 5.0.0, < 5.0.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-28224",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-17T19:31:35.290539Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-17T19:31:38.952Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-xrcw-wpjx-pr95"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "firebird",
          "vendor": "FirebirdSQL",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 3.0.0, \u003c 3.0.14"
            },
            {
              "status": "affected",
              "version": "\u003e= 4.0.0, \u003c 4.0.7"
            },
            {
              "status": "affected",
              "version": "\u003e= 5.0.0, \u003c 5.0.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an op_crypt_key_callback packet without prior authentication, the port_server_crypt_callback handler is not initialized, resulting in a null pointer dereference and server crash. An unauthenticated attacker who knows only the server\u0027s IP and port can exploit this to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476: NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-17T18:38:58.138Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-xrcw-wpjx-pr95",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-xrcw-wpjx-pr95"
        },
        {
          "name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"
        },
        {
          "name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"
        },
        {
          "name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"
        }
      ],
      "source": {
        "advisory": "GHSA-xrcw-wpjx-pr95",
        "discovery": "UNKNOWN"
      },
      "title": "Firebird Null Pointer Dereference via CryptCallback causes DOS"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-28224",
    "datePublished": "2026-04-17T18:38:58.138Z",
    "dateReserved": "2026-02-25T15:28:40.650Z",
    "dateUpdated": "2026-04-17T19:31:38.952Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-33337 (GCVE-0-2026-33337)

Vulnerability from cvelistv5 – Published: 2026-04-17 18:48 – Updated: 2026-04-17 19:21

Title

Firebird has a buffer overflow when parsing corrupted slice packets

Summary

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdr_datum() function does not validate that a cstring length conforms to the slice descriptor bounds, allowing a cstring longer than the allocated buffer to overflow it. An unauthenticated attacker can exploit this by sending a crafted packet to the server, potentially causing a crash or other security impact. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: poc Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-502 - Deserialization of Untrusted Data

Assigner

GitHub_M

References

4 references

URL	Tags
https://github.com/FirebirdSQL/firebird/security/…	x_refsource_CONFIRM
https://github.com/FirebirdSQL/firebird/releases/…	x_refsource_MISC
https://github.com/FirebirdSQL/firebird/releases/…	x_refsource_MISC
https://github.com/FirebirdSQL/firebird/releases/…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
FirebirdSQL	firebird	Affected: >= 3.0.0, < 3.0.14 Affected: >= 4.0.0, < 4.0.7 Affected: >= 5.0.0, < 5.0.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-33337",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-17T19:21:08.979325Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-17T19:21:17.132Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "firebird",
          "vendor": "FirebirdSQL",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 3.0.0, \u003c 3.0.14"
            },
            {
              "status": "affected",
              "version": "\u003e= 4.0.0, \u003c 4.0.7"
            },
            {
              "status": "affected",
              "version": "\u003e= 5.0.0, \u003c 5.0.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdr_datum() function does not validate that a cstring length conforms to the slice descriptor bounds, allowing a cstring longer than the allocated buffer to overflow it. An unauthenticated attacker can exploit this by sending a crafted packet to the server, potentially causing a crash or other security impact. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502: Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-17T18:48:47.953Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-89mq-229g-x47p",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-89mq-229g-x47p"
        },
        {
          "name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"
        },
        {
          "name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"
        },
        {
          "name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"
        }
      ],
      "source": {
        "advisory": "GHSA-89mq-229g-x47p",
        "discovery": "UNKNOWN"
      },
      "title": "Firebird has a buffer overflow when parsing corrupted slice packets"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-33337",
    "datePublished": "2026-04-17T18:48:47.953Z",
    "dateReserved": "2026-03-18T22:15:11.812Z",
    "dateUpdated": "2026-04-17T19:21:17.132Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-34232 (GCVE-0-2026-34232)

Vulnerability from cvelistv5 – Published: 2026-04-17 18:52 – Updated: 2026-04-20 13:46

Title

Firebird: DoS via `op_response` packet from client

Summary

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the xdr_status_vector() function does not handle the isc_arg_cstring type when decoding an op_response packet, causing a server crash when one is encountered in the status vector. An unauthenticated attacker can exploit this by sending a crafted op_response packet to the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: poc Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-228 - Improper Handling of Syntactically Invalid Structure

Assigner

GitHub_M

References

4 references

URL	Tags
https://github.com/FirebirdSQL/firebird/security/…	x_refsource_CONFIRM
https://github.com/FirebirdSQL/firebird/releases/…	x_refsource_MISC
https://github.com/FirebirdSQL/firebird/releases/…	x_refsource_MISC
https://github.com/FirebirdSQL/firebird/releases/…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
FirebirdSQL	firebird	Affected: >= 3.0.0, < 3.0.14 Affected: >= 4.0.0, < 4.0.7 Affected: >= 5.0.0, < 5.0.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-34232",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-20T13:42:40.302937Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-20T13:46:08.507Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "firebird",
          "vendor": "FirebirdSQL",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 3.0.0, \u003c 3.0.14"
            },
            {
              "status": "affected",
              "version": "\u003e= 4.0.0, \u003c 4.0.7"
            },
            {
              "status": "affected",
              "version": "\u003e= 5.0.0, \u003c 5.0.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the xdr_status_vector() function does not handle the isc_arg_cstring type when decoding an op_response packet, causing a server crash when one is encountered in the status vector. An unauthenticated attacker can exploit this by sending a crafted op_response packet to the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-228",
              "description": "CWE-228: Improper Handling of Syntactically Invalid Structure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-17T18:52:11.693Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7jq3-6j3c-5cm2",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7jq3-6j3c-5cm2"
        },
        {
          "name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"
        },
        {
          "name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"
        },
        {
          "name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"
        }
      ],
      "source": {
        "advisory": "GHSA-7jq3-6j3c-5cm2",
        "discovery": "UNKNOWN"
      },
      "title": "Firebird: DoS via `op_response` packet from client"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-34232",
    "datePublished": "2026-04-17T18:52:11.693Z",
    "dateReserved": "2026-03-26T16:22:29.034Z",
    "dateUpdated": "2026-04-20T13:46:08.507Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-35215 (GCVE-0-2026-35215)

Vulnerability from cvelistv5 – Published: 2026-04-17 18:59 – Updated: 2026-04-20 15:40

Title

Firebird: DoS via malicious slice descriptor in slice packet

Summary

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdl_desc() function does not validate the length of a decoded SDL descriptor from a slice packet. A zero-length descriptor is later used to calculate the number of slice items, causing a division by zero. An unauthenticated attacker can exploit this by sending a crafted slice packet to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: poc Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-369 - Divide By Zero

Assigner

GitHub_M

References

4 references

URL	Tags
https://github.com/FirebirdSQL/firebird/security/…	x_refsource_CONFIRM
https://github.com/FirebirdSQL/firebird/releases/…	x_refsource_MISC
https://github.com/FirebirdSQL/firebird/releases/…	x_refsource_MISC
https://github.com/FirebirdSQL/firebird/releases/…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
FirebirdSQL	firebird	Affected: >= 3.0.0, < 3.0.14 Affected: >= 4.0.0, < 4.0.7 Affected: >= 5.0.0, < 5.0.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-35215",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-20T15:40:04.996968Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-20T15:40:39.510Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "firebird",
          "vendor": "FirebirdSQL",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 3.0.0, \u003c 3.0.14"
            },
            {
              "status": "affected",
              "version": "\u003e= 4.0.0, \u003c 4.0.7"
            },
            {
              "status": "affected",
              "version": "\u003e= 5.0.0, \u003c 5.0.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdl_desc() function does not validate the length of a decoded SDL descriptor from a slice packet. A zero-length descriptor is later used to calculate the number of slice items, causing a division by zero. An unauthenticated attacker can exploit this by sending a crafted slice packet to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-369",
              "description": "CWE-369: Divide By Zero",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-17T18:59:23.663Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-g99w-prq5-29c6",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-g99w-prq5-29c6"
        },
        {
          "name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"
        },
        {
          "name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"
        },
        {
          "name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"
        }
      ],
      "source": {
        "advisory": "GHSA-g99w-prq5-29c6",
        "discovery": "UNKNOWN"
      },
      "title": "Firebird: DoS via malicious slice descriptor in slice packet"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-35215",
    "datePublished": "2026-04-17T18:59:23.663Z",
    "dateReserved": "2026-04-01T18:48:58.937Z",
    "dateUpdated": "2026-04-20T15:40:39.510Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-40342 (GCVE-0-2026-40342)

Vulnerability from cvelistv5 – Published: 2026-04-17 19:22 – Updated: 2026-04-22 13:56

Title

Firebird: Path Traversal + Arbitrary File Write Leads to Remote Code Execution

Summary

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates a user-supplied engine name into a filesystem path without filtering path separators or .. components. An authenticated user with CREATE FUNCTION privileges can use a crafted ENGINE name to load an arbitrary shared library from anywhere on the filesystem via path traversal. The library's initialization code executes immediately during loading, before Firebird validates the module, achieving code execution as the server's OS account. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.

Severity

10 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-427 - Uncontrolled Search Path Element
CWE-73 - External Control of File Name or Path
CWE-94 - Improper Control of Generation of Code ('Code Injection')

Assigner

GitHub_M

References

4 references

URL	Tags
https://github.com/FirebirdSQL/firebird/security/…	x_refsource_CONFIRM
https://github.com/FirebirdSQL/firebird/releases/…	x_refsource_MISC
https://github.com/FirebirdSQL/firebird/releases/…	x_refsource_MISC
https://github.com/FirebirdSQL/firebird/releases/…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
FirebirdSQL	firebird	Affected: < 3.0.14 Affected: >= 4.0.0, < 4.0.7 Affected: >= 5.0.0, < 5.0.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-40342",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-22T03:55:33.795186Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-22T13:56:49.927Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "firebird",
          "vendor": "FirebirdSQL",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.0.14"
            },
            {
              "status": "affected",
              "version": "\u003e= 4.0.0, \u003c 4.0.7"
            },
            {
              "status": "affected",
              "version": "\u003e= 5.0.0, \u003c 5.0.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates a user-supplied engine name into a filesystem path without filtering path separators or .. components. An authenticated user with CREATE FUNCTION privileges can use a crafted ENGINE name to load an arbitrary shared library from anywhere on the filesystem via path traversal. The library\u0027s initialization code executes immediately during loading, before Firebird validates the module, achieving code execution as the server\u0027s OS account. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-427",
              "description": "CWE-427: Uncontrolled Search Path Element",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-73",
              "description": "CWE-73: External Control of File Name or Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-17T19:22:46.644Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7pxc-h3rv-r257",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7pxc-h3rv-r257"
        },
        {
          "name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"
        },
        {
          "name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"
        },
        {
          "name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"
        }
      ],
      "source": {
        "advisory": "GHSA-7pxc-h3rv-r257",
        "discovery": "UNKNOWN"
      },
      "title": "Firebird: Path Traversal + Arbitrary File Write Leads to Remote Code Execution"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-40342",
    "datePublished": "2026-04-17T19:22:46.644Z",
    "dateReserved": "2026-04-10T22:50:01.358Z",
    "dateUpdated": "2026-04-22T13:56:49.927Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-1171

CVE-2025-65104 (GCVE-0-2025-65104)

CVE-2026-28212 (GCVE-0-2026-28212)

CVE-2026-28214 (GCVE-0-2026-28214)

CVE-2026-28224 (GCVE-0-2026-28224)

CVE-2026-33337 (GCVE-0-2026-33337)

CVE-2026-34232 (GCVE-0-2026-34232)

CVE-2026-35215 (GCVE-0-2026-35215)

CVE-2026-40342 (GCVE-0-2026-40342)

Tags

Sightings

Nomenclature