Total
46 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-5529 | 1 Firebirdsql | 1 Firebird | 2026-04-29 | 3.5 LOW | N/A |
| TraceManager in Firebird 2.5.0 and 2.5.1, when trace is enabled, allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by preparing an empty dynamic SQL query. | |||||
| CVE-2013-2492 | 2 Firebirdsql, Microsoft | 2 Firebird, Windows | 2026-04-29 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 18514, and 2.5.1 through 2.5.3 before 26623, on Windows allows remote attackers to execute arbitrary code via a crafted packet to TCP port 3050, related to a missing size check during extraction of a group number from CNCT information. | |||||
| CVE-2026-35215 | 1 Firebirdsql | 1 Firebird | 2026-04-27 | N/A | 7.5 HIGH |
| Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdl_desc() function does not validate the length of a decoded SDL descriptor from a slice packet. A zero-length descriptor is later used to calculate the number of slice items, causing a division by zero. An unauthenticated attacker can exploit this by sending a crafted slice packet to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14. | |||||
| CVE-2026-40342 | 1 Firebirdsql | 1 Firebird | 2026-04-27 | N/A | 9.9 CRITICAL |
| Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates a user-supplied engine name into a filesystem path without filtering path separators or .. components. An authenticated user with CREATE FUNCTION privileges can use a crafted ENGINE name to load an arbitrary shared library from anywhere on the filesystem via path traversal. The library's initialization code executes immediately during loading, before Firebird validates the module, achieving code execution as the server's OS account. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14. | |||||
| CVE-2026-34232 | 1 Firebirdsql | 1 Firebird | 2026-04-27 | N/A | 7.5 HIGH |
| Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the xdr_status_vector() function does not handle the isc_arg_cstring type when decoding an op_response packet, causing a server crash when one is encountered in the status vector. An unauthenticated attacker can exploit this by sending a crafted op_response packet to the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14. | |||||
| CVE-2026-33337 | 1 Firebirdsql | 1 Firebird | 2026-04-27 | N/A | 7.5 HIGH |
| Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdr_datum() function does not validate that a cstring length conforms to the slice descriptor bounds, allowing a cstring longer than the allocated buffer to overflow it. An unauthenticated attacker can exploit this by sending a crafted packet to the server, potentially causing a crash or other security impact. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14. | |||||
| CVE-2025-65104 | 1 Firebirdsql | 1 Firebird | 2026-04-24 | N/A | 7.9 HIGH |
| Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by upgrading to the FB4 client or higher. | |||||
| CVE-2026-27890 | 1 Firebirdsql | 1 Firebird | 2026-04-24 | N/A | 8.2 HIGH |
| Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCT_specific_data segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class's grow() method computes a negative size value, causing a SIGSEGV crash. An unauthenticated attacker who knows only the server's IP and port can exploit this to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14. | |||||
| CVE-2026-28212 | 1 Firebirdsql | 1 Firebird | 2026-04-24 | N/A | 7.5 HIGH |
| Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an op_slice network packet, the server passes an unprepared structure containing a null pointer to the SDL_info() function, resulting in a null pointer dereference and server crash. An unauthenticated attacker can trigger this by sending a crafted packet to the server port. This issue has been fixed in versions 6.0.0, 5.0.4, 4.0.7 and 3.0.14. | |||||
| CVE-2026-28214 | 1 Firebirdsql | 1 Firebird | 2026-04-24 | N/A | 6.5 MEDIUM |
| Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the ClumpletReader::getClumpletSize() function can overflow the totalLength value when parsing a Wide type clumplet, causing an infinite loop. An authenticated user with INSERT privileges on any table can exploit this via a crafted Batch Parameter Block to cause a denial of service against the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14. | |||||
| CVE-2026-28224 | 1 Firebirdsql | 1 Firebird | 2026-04-24 | N/A | 8.2 HIGH |
| Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an op_crypt_key_callback packet without prior authentication, the port_server_crypt_callback handler is not initialized, resulting in a null pointer dereference and server crash. An unauthenticated attacker who knows only the server's IP and port can exploit this to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14. | |||||
| CVE-2007-4992 | 1 Firebirdsql | 1 Firebird | 2026-04-23 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the process_packet function in fbserver.exe in Firebird SQL 2.0.2 allows remote attackers to execute arbitrary code via a long request to TCP port 3050. | |||||
| CVE-2006-7212 | 1 Firebirdsql | 1 Firebird | 2026-04-23 | 6.8 MEDIUM | N/A |
| Multiple buffer overflows in Firebird 1.5, one of which affects WNET, have unknown impact and attack vectors. NOTE: this issue might overlap CVE-2006-1240. | |||||
| CVE-2008-0387 | 1 Firebirdsql | 1 Firebird | 2026-04-23 | 7.8 HIGH | N/A |
| Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption. | |||||
| CVE-2007-5245 | 1 Firebirdsql | 1 Firebird | 2026-04-23 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in Firebird LI 1.5.3.4870 and 1.5.4.4910, and WI 1.5.3.4870 and 1.5.4.4910, allow remote attackers to execute arbitrary code via (1) a long service attach request on TCP port 3050 to the SVC_attach function or (2) unspecified vectors involving the INET_connect function. | |||||
| CVE-2006-7211 | 1 Firebirdsql | 1 Firebird | 2026-04-23 | 4.9 MEDIUM | N/A |
| fb_lock_mgr in Firebird 1.5 uses weak permissions (0666) for the semaphore array, which allows local users to cause a denial of service (blocked query processing) by locking semaphores. | |||||
| CVE-2007-4669 | 1 Firebirdsql | 1 Firebird | 2026-04-23 | 4.0 MEDIUM | N/A |
| The Services API in Firebird before 2.0.2 allows remote authenticated users without SYSDBA privileges to read the server log (firebird.log), aka CORE-1148. | |||||
| CVE-2007-4667 | 1 Firebirdsql | 1 Firebird | 2026-04-23 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Services API in Firebird before 2.0.2 allows remote attackers to cause a denial of service, aka CORE-1149. | |||||
| CVE-2007-5246 | 1 Firebirdsql | 1 Firebird | 2026-04-23 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in Firebird LI 2.0.0.12748 and 2.0.1.12855, and WI 2.0.0.12748 and 2.0.1.12855, allow remote attackers to execute arbitrary code via (1) a long attach request on TCP port 3050 to the isc_attach_database function or (2) a long create request on TCP port 3050 to the isc_create_database function. | |||||
| CVE-2008-0467 | 1 Firebirdsql | 1 Firebird | 2026-04-23 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in Firebird before 2.0.4, and 2.1.x before 2.1.0 RC1, might allow remote attackers to execute arbitrary code via a long username. | |||||