How to fix CVE-2026-33337?

Within 24 hours: Verify Firebird versions across all production and non-production systems using 'SELECT rdb$get_context('SYSTEM', 'ENGINE_VERSION')' or version command-line queries. Within 7 days: Apply vendor-released patches-upgrade to Firebird 5.0.4, 4.0.7, or 3.0.14 or later depending on your major version. Prioritize production systems first. Coordinate maintenance windows with application teams. Within 30 days: Complete inventory of all systems and confirm patch deployment; conduct post-patch validation testing on a non-production replica before full production cutover if not completed in week one.

Is Firebird affected by CVE-2026-33337?

Firebird RDBMS contains a critical remote buffer overflow vulnerability (CVE-2026-33337) in packet processing that enables unauthenticated attackers to crash database servers without credentials.

CVE-2026-33337

EUVD-2026-23482 HIGH

2026-04-17 GitHub_M

Buffer Overflow Firebird

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

patch_available

Apr 17, 2026 - 20:16 EUVD

Analysis Generated

Apr 17, 2026 - 19:33 vuln.today

DescriptionNVD

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdr_datum() function does not validate that a cstring length conforms to the slice descriptor bounds, allowing a cstring longer than the allocated buffer to overflow it. An unauthenticated attacker can exploit this by sending a crafted packet to the server, potentially causing a crash or other security impact. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.

AnalysisAI

Buffer overflow in Firebird RDBMS allows remote unauthenticated attackers to crash database servers via malformed slice packets. Affects Firebird versions prior to 5.0.4, 4.0.7, and 3.0.14 across all three maintained major release branches. …

RemediationAI

Within 24 hours: Verify Firebird versions across all production and non-production systems using 'SELECT rdb$get_context('SYSTEM', 'ENGINE_VERSION')' or version command-line queries. Within 7 days: Apply vendor-released patches-upgrade to Firebird 5.0.4, 4.0.7, or 3.0.14 or later depending on your major version. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-33337 vulnerability details – vuln.today

Back

CVE-2026-33337

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code