Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
7DescriptionGitHub Advisory
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the xdr_status_vector() function does not handle the isc_arg_cstring type when decoding an op_response packet, causing a server crash when one is encountered in the status vector. An unauthenticated attacker can exploit this by sending a crafted op_response packet to the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
AnalysisAI
Remote denial-of-service in Firebird Database Server versions prior to 5.0.4, 4.0.7, and 3.0.14 allows unauthenticated network attackers to crash the server via crafted XDR-encoded op_response packets. The xdr_status_vector() function fails to handle isc_arg_cstring status vector types during packet decoding, triggering immediate server termination. With CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) and CWE-228 (Improper Handling of Syntactically Invalid Structure), this represents a high-severity availability risk for internet-exposed Firebird instances. No active exploitation confirmed, but exploit development is trivial given the low attack complexity.
Technical ContextAI
Firebird is a mature open-source SQL relational database supporting ANSI SQL features, embedded and client-server architectures, and multi-version concurrency control. This vulnerability affects the network protocol layer's XDR (External Data Representation) decoder, specifically the xdr_status_vector() function responsible for unmarshaling status information from op_response packets sent by remote clients or during protocol negotiation. CWE-228 (Improper Handling of Syntactically Invalid Structure) indicates the parser lacks validation for the isc_arg_cstring argument type within status vectors-a fundamental protocol parsing flaw. When the decoder encounters this unexpected type during op_response processing, it triggers undefined behavior leading to server process crash. The vulnerability exists across all three maintained major version branches (3.x, 4.x, 5.x), suggesting the flawed parsing logic was inherited through the codebase evolution. The network-accessible attack surface (default TCP port 3050) and complete lack of authentication requirements make this exploitable against any exposed Firebird instance running vulnerable versions.
RemediationAI
Upgrade to vendor-released patched versions: Firebird 5.0.4, 4.0.7, or 3.0.14 depending on your current major version branch. Release packages available at https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4, https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7, and https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14. For environments unable to immediately patch, implement network-layer access controls: restrict Firebird port 3050/TCP to trusted application server IPs only via firewall rules or security groups, eliminating unauthenticated internet exposure. This compensating control reduces attack surface to authenticated internal networks but does not eliminate risk from compromised application servers or malicious insiders. If using embedded Firebird deployments (no network listener), this vulnerability is not exploitable. Test patched versions in staging environments before production deployment, particularly for applications with custom UDF libraries or legacy InterBase compatibility requirements. No configuration changes required post-upgrade-the fix corrects protocol parsing logic transparently.
Same technique Denial Of Service
View allVendor StatusVendor
SUSE
Severity: High| Product | Status |
|---|---|
| SUSE Linux Enterprise Module for Package Hub 15 SP7 | Fixed |
| openSUSE Leap 15.6 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP5 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP6 | Fixed |
| openSUSE Leap 15.3 | Fixed |
| openSUSE Leap 15.4 | Fixed |
| openSUSE Leap 15.5 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-23486