Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Lifecycle Timeline
7DescriptionGitHub Advisory
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an op_crypt_key_callback packet without prior authentication, the port_server_crypt_callback handler is not initialized, resulting in a null pointer dereference and server crash. An unauthenticated attacker who knows only the server's IP and port can exploit this to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
AnalysisAI
Null pointer dereference in Firebird SQL server causes remote denial-of-service when unauthenticated attackers send malformed op_crypt_key_callback packets. Firebird versions prior to 5.0.4, 4.0.7, and 3.0.14 are affected. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms trivial remote exploitation requiring no authentication or user interaction, allowing attackers who know only the server's IP and port to crash database services. The integrity impact rating (I:L) suggests potential for limited data corruption alongside the high availability impact. Vendor-released patches are available in versions 5.0.4, 4.0.7, and 3.0.14. No public exploit code or CISA KEV listing identified at time of analysis, though the low attack complexity makes weaponization straightforward.
Technical ContextAI
Firebird is a cross-platform open-source SQL relational database descended from Borland InterBase, widely used for embedded and standalone database applications. The vulnerability stems from improper initialization of the port_server_crypt_callback handler when processing cryptographic key callback operations (op_crypt_key_callback packets) during the connection establishment phase. Per CWE-476 (NULL Pointer Dereference), the server fails to validate that authentication has occurred before dereferencing the callback handler pointer, causing the process to crash when the uninitialized pointer is accessed. The affected CPE (cpe:2.3:a:firebirdsql:firebird) encompasses all Firebird installations across the 3.0.x, 4.0.x, and 5.0.x major release branches prior to the patched versions, affecting both embedded and network-accessible server deployments.
RemediationAI
Upgrade to Firebird version 5.0.4, 4.0.7, or 3.0.14 depending on your major version branch to receive the vendor-released patch that properly initializes the port_server_crypt_callback handler before processing cryptographic callback packets. Release artifacts are available at https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4, https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7, and https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14. If immediate patching is not feasible, implement network-layer compensating controls by restricting Firebird port access (default TCP 3050) to trusted IP addresses only via firewall rules or security groups, which prevents unauthenticated external attackers from reaching the vulnerable packet handler. Note that access restrictions will block legitimate remote clients unless they connect through VPN or other approved network paths, requiring application architecture review. Connection pooling proxies or reverse proxies cannot mitigate this issue as the vulnerability occurs during initial protocol negotiation before application-layer filtering. For embedded deployments with no network listeners, the vulnerability is not exploitable remotely but upgrading is still recommended for defense-in-depth.
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Null Pointer Dereference
View allVendor StatusVendor
SUSE
Severity: High| Product | Status |
|---|---|
| SUSE Linux Enterprise Module for Package Hub 15 SP7 | Fixed |
| openSUSE Leap 15.6 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP5 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP6 | Fixed |
| openSUSE Leap 15.3 | Fixed |
| openSUSE Leap 15.4 | Fixed |
| openSUSE Leap 15.5 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-23468