Lucene search
K

130 matches found

UbuntuCve
UbuntuCve
added 2026/04/17 7:16 p.m.6 views

CVE-2026-33337

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdrdatum function does not validate that a cstring length conforms to the slice descriptor bounds, allowing a cstring longer than the allocated...

7.5CVSS5.9AI score0.00543EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/17 6:59 p.m.33 views

CVE-2026-35215 Firebird: DoS via malicious slice descriptor in slice packet

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdldesc function does not validate the length of a decoded SDL descriptor from a slice packet. A zero-length descriptor is later used to calculate the number of slice items, causing...

7.5CVSS0.00466EPSS
Exploits1References4
EUVD
EUVD
added 2026/04/17 6:59 p.m.10 views

EUVD-2026-23490

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdldesc function does not validate the length of a decoded SDL descriptor from a slice packet. A zero-length descriptor is later used to calculate the number of slice items, causing...

7.5CVSS5.7AI score0.00466EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/04/17 6:52 p.m.2 views

CVE-2026-34232

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the xdrstatusvector function does not handle the iscargcstring type when decoding an opresponse packet, causing a server crash when one is encountered in the status vector. An...

7.5CVSS5.7AI score0.00466EPSS
Exploits1References5Affected Software1
Debian CVE
Debian CVE
added 2026/04/17 6:48 p.m.5 views

CVE-2026-33337

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdrdatum function does not validate that a cstring length conforms to the slice descriptor bounds, allowing a cstring longer than the allocated...

7.5CVSS5.6AI score0.00543EPSS
Exploits1
EUVD
EUVD
added 2026/04/17 6:48 p.m.8 views

EUVD-2026-23482

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdrdatum function does not validate that a cstring length conforms to the slice descriptor bounds, allowing a cstring longer than the allocated...

7.5CVSS5.9AI score0.00543EPSS
Exploits1References4
EUVD
EUVD
added 2026/04/17 6:38 p.m.10 views

EUVD-2026-23468

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an opcryptkeycallback packet without prior authentication, the portservercryptcallback handler is not initialized, resulting in a null pointer dereference and...

8.2CVSS5.7AI score0.00465EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2026/04/17 6:38 p.m.5 views

CVE-2026-28224

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an opcryptkeycallback packet without prior authentication, the portservercryptcallback handler is not initialized, resulting in a null pointer dereference and...

8.2CVSS5.2AI score0.00465EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2026/04/17 6:38 p.m.6 views

CVE-2026-28224

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an opcryptkeycallback packet without prior authentication, the portservercryptcallback handler is not initialized, resulting in a null pointer dereference and...

8.2CVSS5.7AI score0.00465EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2026/04/17 6:35 p.m.11 views

CVE-2026-28214

CVE-2026-28214 affects Firebird DBMS. The issue is in the ClumpletReader::getClumpletSize() when parsing a Wide type clumplet, which can overflow totalLength and cause an infinite loop. An authenticated user with INSERT privileges on any table can trigger a denial of service via a crafted Batch P...

6.5CVSS5.7AI score0.01133EPSS
Exploits1References4Affected Software1
Debian CVE
Debian CVE
added 2026/04/17 6:35 p.m.4 views

CVE-2026-28214

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the ClumpletReader::getClumpletSize function can overflow the totalLength value when parsing a Wide type clumplet, causing an infinite loop. An authenticated user with INSERT privileges...

6.5CVSS5.3AI score0.01133EPSS
Exploits1
NVD
NVD
added 2026/04/17 6:16 p.m.11 views

CVE-2025-65104

Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by upgrading to the FB4 client or...

7.9CVSS0.00185EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/17 6:14 p.m.4 views

CVE-2026-27890 Firebird has Pre-Auth DOS when Processing Out of Order CNCT_specific_data Segments

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCTspecificdata segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class's grow...

8.2CVSS5.7AI score0.00465EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2026/04/17 6:14 p.m.10 views

CVE-2026-27890

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCTspecificdata segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class's grow...

8.2CVSS5.3AI score0.00465EPSS
Exploits1
CVE
CVE
added 2026/04/17 6:14 p.m.30 views

CVE-2026-27890

Firebird CVE-2026-27890 is a pre-auth DoS flaw. In versions prior to 5.0.4, 4.0.7 and 3.0.14, during authentication the server assumes CNCT_specific_data segments arrive in strictly ascending order. If segments arrive out of order, the Array.grow() method computes a negative size, causing a SIGSE...

8.2CVSS5.7AI score0.00465EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/17 6:5 p.m.3 views

CVE-2026-28212

Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an opslice network packet, the server passes an unprepared structure containing a null pointer to the SDLinfo function, resulting in a null pointer dereference an...

7.5CVSS5.7AI score0.00503EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/17 6:5 p.m.3 views

CVE-2026-28212 Firebird has potential server crash via null pointer dereference when processing op_slice packet

Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an opslice network packet, the server passes an unprepared structure containing a null pointer to the SDLinfo function, resulting in a null pointer dereference an...

7.5CVSS5.7AI score0.00503EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.4 views

PT-2026-33480

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an op crypt key callback packet without prior authentication, the port server crypt callback handler is not initialized, resulting in a null pointer dereference...

8.2CVSS5.7AI score0.00465EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.5 views

PT-2026-33477

Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an op slice network packet, the server passes an unprepared structure containing a null pointer to the SDL info function, resulting in a null pointer dereference...

7.5CVSS5.7AI score0.00503EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.6 views

PT-2026-33479

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the ClumpletReader::getClumpletSize function can overflow the totalLength value when parsing a Wide type clumplet, causing an infinite loop. An authenticated user with INSERT privileges...

6CVSS5.7AI score0.01133EPSS
Exploits1References6
Rows per page
Query Builder