Skip to main content

Suse CVE-2026-27890

| EUVDEUVD-2026-23460 HIGH
Buffer Overflow (CWE-119)
2026-04-17 GitHub_M
8.2
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
8.2 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
SUSE
HIGH
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
High

Lifecycle Timeline

7
Patch released
Apr 24, 2026 - 20:05 nvd
Patch available
Re-analysis Queued
Apr 17, 2026 - 19:22 vuln.today
cvss_changed
Patch available
Apr 17, 2026 - 19:16 EUVD
Analysis Generated
Apr 17, 2026 - 19:01 vuln.today
EUVD ID Assigned
Apr 17, 2026 - 18:45 euvd
EUVD-2026-23460
Analysis Generated
Apr 17, 2026 - 18:45 vuln.today
CVE Published
Apr 17, 2026 - 18:14 nvd
HIGH 8.2

DescriptionGitHub Advisory

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14,, when processing CNCT_specific_data segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class's grow() method computes a negative size value, causing a SIGSEGV crash. An unauthenticated attacker who knows only the server's IP and port can exploit this to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.

AnalysisAI

Remote denial-of-service in Firebird database server versions prior to 5.0.4, 4.0.7, and 3.0.14 allows unauthenticated network attackers to crash the server via malformed authentication packets. Exploitable by sending out-of-order CNCT_specific_data segments during connection setup, triggering a negative size calculation and segmentation fault. No authentication, credentials, or special configuration required - only knowledge of server IP and port. CVSS 8.2 (High) with network vector, low complexity, and no privileges required. No public exploit code or active exploitation (CISA KEV) identified at time of analysis, though the attack surface is maximally exposed given the unauthenticated network vector and low complexity (AV:N/AC:L/PR:N).

Technical ContextAI

Firebird is an open-source SQL relational database management system used across Linux, Windows, and Unix platforms. The vulnerability resides in the authentication handshake parsing logic, specifically the handling of CNCT_specific_data segments during the initial connection negotiation phase (prior to credential validation). The server's Array class uses a grow() method to dynamically resize buffers based on segment ordering assumptions. When segments arrive out of sequence, an integer underflow occurs: the computed buffer size becomes negative, which is then cast to an unsigned value, resulting in an enormous allocation request or direct memory access violation (SIGSEGV). This is classified as CWE-119 (Improper Restriction on Operations within the Bounds of a Memory Buffer), encompassing both buffer overflows and underflows. The vulnerability affects all Firebird 3.x (before 3.0.14), 4.x (before 4.0.7), and 5.x (before 5.0.4) branches per the CPE data and vendor advisories.

RemediationAI

Upgrade to patched Firebird versions immediately: 5.0.4 for 5.x deployments, 4.0.7 for 4.x deployments, or 3.0.14 for 3.x deployments. Download from official GitHub releases: https://github.com/FirebirdSQL/firebird/releases. Full security advisory at https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6crx-4g37-7j49. If immediate patching is not feasible, implement network-level access controls as compensating controls: restrict Firebird port access (default TCP 3050) using firewall rules to allow connections only from trusted application servers and administrative workstations, blocking all other inbound traffic. Deploy network intrusion detection/prevention systems (IDS/IPS) with signatures for malformed Firebird authentication packets or repeated connection attempts followed by crashes. Note that IP-based restrictions reduce but do not eliminate risk if attackers have presence on trusted network segments, and IDS/IPS may introduce latency or false positives for legitimate high-volume database traffic. These mitigations are temporary - prioritize the vendor patch as the definitive fix.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Module for Package Hub 15 SP7 Fixed
openSUSE Leap 15.6 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP5 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP6 Fixed
openSUSE Leap 15.3 Fixed

Share

CVE-2026-27890 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy