Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Lifecycle Timeline
7DescriptionGitHub Advisory
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14,, when processing CNCT_specific_data segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class's grow() method computes a negative size value, causing a SIGSEGV crash. An unauthenticated attacker who knows only the server's IP and port can exploit this to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
AnalysisAI
Remote denial-of-service in Firebird database server versions prior to 5.0.4, 4.0.7, and 3.0.14 allows unauthenticated network attackers to crash the server via malformed authentication packets. Exploitable by sending out-of-order CNCT_specific_data segments during connection setup, triggering a negative size calculation and segmentation fault. No authentication, credentials, or special configuration required - only knowledge of server IP and port. CVSS 8.2 (High) with network vector, low complexity, and no privileges required. No public exploit code or active exploitation (CISA KEV) identified at time of analysis, though the attack surface is maximally exposed given the unauthenticated network vector and low complexity (AV:N/AC:L/PR:N).
Technical ContextAI
Firebird is an open-source SQL relational database management system used across Linux, Windows, and Unix platforms. The vulnerability resides in the authentication handshake parsing logic, specifically the handling of CNCT_specific_data segments during the initial connection negotiation phase (prior to credential validation). The server's Array class uses a grow() method to dynamically resize buffers based on segment ordering assumptions. When segments arrive out of sequence, an integer underflow occurs: the computed buffer size becomes negative, which is then cast to an unsigned value, resulting in an enormous allocation request or direct memory access violation (SIGSEGV). This is classified as CWE-119 (Improper Restriction on Operations within the Bounds of a Memory Buffer), encompassing both buffer overflows and underflows. The vulnerability affects all Firebird 3.x (before 3.0.14), 4.x (before 4.0.7), and 5.x (before 5.0.4) branches per the CPE data and vendor advisories.
RemediationAI
Upgrade to patched Firebird versions immediately: 5.0.4 for 5.x deployments, 4.0.7 for 4.x deployments, or 3.0.14 for 3.x deployments. Download from official GitHub releases: https://github.com/FirebirdSQL/firebird/releases. Full security advisory at https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6crx-4g37-7j49. If immediate patching is not feasible, implement network-level access controls as compensating controls: restrict Firebird port access (default TCP 3050) using firewall rules to allow connections only from trusted application servers and administrative workstations, blocking all other inbound traffic. Deploy network intrusion detection/prevention systems (IDS/IPS) with signatures for malformed Firebird authentication packets or repeated connection attempts followed by crashes. Note that IP-based restrictions reduce but do not eliminate risk if attackers have presence on trusted network segments, and IDS/IPS may introduce latency or false positives for legitimate high-volume database traffic. These mitigations are temporary - prioritize the vendor patch as the definitive fix.
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allVendor StatusVendor
SUSE
Severity: High| Product | Status |
|---|---|
| SUSE Linux Enterprise Module for Package Hub 15 SP7 | Fixed |
| openSUSE Leap 15.6 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP5 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP6 | Fixed |
| openSUSE Leap 15.3 | Fixed |
| openSUSE Leap 15.4 | Fixed |
| openSUSE Leap 15.5 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-23460