Severity by source
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
7DescriptionGitHub Advisory
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the ClumpletReader::getClumpletSize() function can overflow the totalLength value when parsing a Wide type clumplet, causing an infinite loop. An authenticated user with INSERT privileges on any table can exploit this via a crafted Batch Parameter Block to cause a denial of service against the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
AnalysisAI
Integer overflow in Firebird database versions prior to 5.0.4, 4.0.7, and 3.0.14 allows authenticated users with INSERT privileges to trigger a denial of service via a malformed Batch Parameter Block that overflows the totalLength value in ClumpletReader::getClumpletSize(), causing infinite loop conditions on the server.
Technical ContextAI
Firebird's ClumpletReader::getClumpletSize() function processes Wide type clumplets within Batch Parameter Blocks (BPBs) - structures used to pass parameters to database operations. The vulnerability stems from an integer overflow (CWE-190) in the totalLength accumulation logic when parsing clumplet size fields. When a Wide type clumplet is crafted with specific values, the totalLength integer wraps around, causing the parsing loop to never reach its termination condition and instead iterate infinitely. This affects the core parameter parsing mechanism used during authenticated database session setup and command execution. The CPE indicates all versions of Firebird are potentially affected until the stated patch versions are applied.
RemediationAI
Upgrade to Firebird 5.0.4, 4.0.7, or 3.0.14 (or later patches within your major version) immediately. The vendor has released patched versions for all supported branches. Interim compensating controls include restricting INSERT privileges to only trusted application accounts and specific tables via role-based access control (REVOKE INSERT from untrusted roles), disabling user database creation if not required (reduces attack surface for privilege escalation paths), and implementing connection-level rate limiting or query timeout policies at the firewall or proxy layer to mitigate infinite loop impact. However, these controls do not eliminate the vulnerability - patching is the only definitive fix. Organizations unable to patch immediately should audit database user accounts with INSERT privileges and revoke them from accounts not requiring them.
Same weakness CWE-190 – Integer Overflow or Wraparound
View allSame technique Denial Of Service
View allVendor StatusVendor
SUSE
Severity: Medium| Product | Status |
|---|---|
| SUSE Linux Enterprise Module for Package Hub 15 SP7 | Fixed |
| openSUSE Leap 15.6 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP5 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP6 | Fixed |
| openSUSE Leap 15.3 | Fixed |
| openSUSE Leap 15.4 | Fixed |
| openSUSE Leap 15.5 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-23466