SUSE-SU-2026:1868-1 Security update for firebird

This update for firebird fixes the following issues - CVE-2025-65104: Information leak vulnerability in firebird3 client when used with newer = 4 server bsc1262330. - CVE-2026-27890: Pre-Auth DOS bsc1262328. - CVE-2026-28212: One packet DoS bsc1262329. - CVE-2026-28214: Server hangs when using...

CVE-2026-28224 Firebird Null Pointer Dereference via CryptCallback causes DOS

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an opcryptkeycallback packet without prior authentication, the portservercryptcallback handler is not initialized, resulting in a null pointer dereference and...

CVE-2026-28224

Firebird CVE-2026-28224 affects Firebird server prior to 5.0.4, 4.0.7, and 3.0.14. When the server receives an op_crypt_key_callback packet without prior authentication, the port_server_crypt_callback handler is not initialized, causing a null pointer dereference and a server crash. An unauthenti...

SUSE CVE-2025-24975

Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. If connections stored in ExtConnPool are not verified for presence and suitability of the CryptCallback interface is used when...

CVE-2025-24975

Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. If connections stored in ExtConnPool are not verified for presence and suitability of the CryptCallback interface is used when...

PT-2025-33489 · Firebird · Firebird

Name of the Vulnerable Software and Affected Versions: Firebird versions prior to 4.0.6.3183 Firebird versions prior to 5.0.2.1610 Firebird versions prior to 6.0.0.609 Description: Firebird is a relational database. If the ExtConnPoolSize parameter is not set to 0, a server process segfault may...