Skip to main content

Suse CVE-2026-28224

| EUVDEUVD-2026-23468 HIGH
NULL Pointer Dereference (CWE-476)
2026-04-17 GitHub_M
8.2
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
8.2 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
SUSE
HIGH
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
High

Lifecycle Timeline

7
Patch released
Apr 24, 2026 - 19:45 nvd
Patch available
Re-analysis Queued
Apr 17, 2026 - 20:22 vuln.today
cvss_changed
Patch available
Apr 17, 2026 - 20:16 EUVD
Analysis Generated
Apr 17, 2026 - 19:33 vuln.today
EUVD ID Assigned
Apr 17, 2026 - 19:15 euvd
EUVD-2026-23468
Analysis Generated
Apr 17, 2026 - 19:15 vuln.today
CVE Published
Apr 17, 2026 - 18:38 nvd
HIGH 8.2

DescriptionGitHub Advisory

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an op_crypt_key_callback packet without prior authentication, the port_server_crypt_callback handler is not initialized, resulting in a null pointer dereference and server crash. An unauthenticated attacker who knows only the server's IP and port can exploit this to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.

AnalysisAI

Null pointer dereference in Firebird SQL server causes remote denial-of-service when unauthenticated attackers send malformed op_crypt_key_callback packets. Firebird versions prior to 5.0.4, 4.0.7, and 3.0.14 are affected. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms trivial remote exploitation requiring no authentication or user interaction, allowing attackers who know only the server's IP and port to crash database services. The integrity impact rating (I:L) suggests potential for limited data corruption alongside the high availability impact. Vendor-released patches are available in versions 5.0.4, 4.0.7, and 3.0.14. No public exploit code or CISA KEV listing identified at time of analysis, though the low attack complexity makes weaponization straightforward.

Technical ContextAI

Firebird is a cross-platform open-source SQL relational database descended from Borland InterBase, widely used for embedded and standalone database applications. The vulnerability stems from improper initialization of the port_server_crypt_callback handler when processing cryptographic key callback operations (op_crypt_key_callback packets) during the connection establishment phase. Per CWE-476 (NULL Pointer Dereference), the server fails to validate that authentication has occurred before dereferencing the callback handler pointer, causing the process to crash when the uninitialized pointer is accessed. The affected CPE (cpe:2.3:a:firebirdsql:firebird) encompasses all Firebird installations across the 3.0.x, 4.0.x, and 5.0.x major release branches prior to the patched versions, affecting both embedded and network-accessible server deployments.

RemediationAI

Upgrade to Firebird version 5.0.4, 4.0.7, or 3.0.14 depending on your major version branch to receive the vendor-released patch that properly initializes the port_server_crypt_callback handler before processing cryptographic callback packets. Release artifacts are available at https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4, https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7, and https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14. If immediate patching is not feasible, implement network-layer compensating controls by restricting Firebird port access (default TCP 3050) to trusted IP addresses only via firewall rules or security groups, which prevents unauthenticated external attackers from reaching the vulnerable packet handler. Note that access restrictions will block legitimate remote clients unless they connect through VPN or other approved network paths, requiring application architecture review. Connection pooling proxies or reverse proxies cannot mitigate this issue as the vulnerability occurs during initial protocol negotiation before application-layer filtering. For embedded deployments with no network listeners, the vulnerability is not exploitable remotely but upgrading is still recommended for defense-in-depth.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Module for Package Hub 15 SP7 Fixed
openSUSE Leap 15.6 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP5 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP6 Fixed
openSUSE Leap 15.3 Fixed

Share

CVE-2026-28224 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy