Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
7DescriptionGitHub Advisory
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdr_datum() function does not validate that a cstring length conforms to the slice descriptor bounds, allowing a cstring longer than the allocated buffer to overflow it. An unauthenticated attacker can exploit this by sending a crafted packet to the server, potentially causing a crash or other security impact. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
AnalysisAI
Buffer overflow in Firebird RDBMS allows remote unauthenticated attackers to crash database servers via malformed slice packets. Affects Firebird versions prior to 5.0.4, 4.0.7, and 3.0.14 across all three maintained major release branches. The xdr_datum() deserialization function fails to validate cstring lengths against slice descriptor bounds during packet processing, enabling heap buffer overflow. CVSS 7.5 (High) with network attack vector and no authentication required. EPSS data not available, no KEV listing identified, but public vendor advisory and tagged releases confirm the issue and provide specific fix versions.
Technical ContextAI
Firebird is an open-source SQL relational database supporting ANSI SQL features, commonly deployed in embedded systems and enterprise applications. This vulnerability resides in the XDR (External Data Representation) deserialization layer that handles slice packets - protocol messages used for array data transfer between client and server. The xdr_datum() function processes incoming cstring data types but lacks bounds validation against the slice descriptor's declared buffer size. CWE-120 (Buffer Copy without Checking Size of Input) confirms this is a classic heap overflow condition where attacker-controlled length values can cause memcpy or similar operations to write beyond allocated memory. The slice packet protocol operates at the database wire protocol level, processed before authentication in some code paths, enabling pre-authentication exploitation. Firebird's architecture uses a multi-threaded server model where such memory corruption can affect process stability and potentially adjacent memory structures.
RemediationAI
Upgrade immediately to Firebird 5.0.4 (for 5.x deployments), 4.0.7 (for 4.x deployments), or 3.0.14 (for 3.x LTS deployments). Tagged releases confirming fixes available at https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4, v4.0.7, and v3.0.14 respectively. Test application compatibility in staging before production deployment, particularly for major version upgrades from 3.x to 4.x or 5.x. If immediate patching is not feasible, implement network-level compensating controls: restrict Firebird port 3050/tcp access using firewall rules to trusted IP ranges only, deploy behind VPN or bastion hosts for remote access, and enable connection authentication at the network perimeter. Note that application-layer authentication does not mitigate this pre-auth vulnerability. For containerized deployments, update base images and redeploy. Monitor Firebird error logs for unusual connection terminations or segmentation faults that may indicate exploitation attempts. These mitigations reduce attack surface but do not eliminate the vulnerability - patching remains the only complete remediation.
Same weakness CWE-120 – Classic Buffer Overflow
View allSame technique Buffer Overflow
View allVendor StatusVendor
SUSE
Severity: High| Product | Status |
|---|---|
| SUSE Linux Enterprise Module for Package Hub 15 SP7 | Fixed |
| openSUSE Leap 15.6 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP5 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP6 | Fixed |
| openSUSE Leap 15.3 | Fixed |
| openSUSE Leap 15.4 | Fixed |
| openSUSE Leap 15.5 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-23482