Debian Firebird3.0 vulnerabilities
4 known vulnerabilities affecting debian/firebird3.0.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM1LOW1
Vulnerabilities
Page 1 of 1
CVE-2017-11509P3HIGHCVSS 8.8fixed in firebird3.0 3.0.3.32900.ds4-3 (bookworm)2017
CVE-2017-11509 [HIGH] CVE-2017-11509: firebird3.0 - An authenticated remote attacker can execute arbitrary code in Firebird SQL Serv...
An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement.
Scope: local
bookworm: resolved (fixed in 3.0.3.32900.ds4-3)
bullseye: resolved (fixed in 3.0.3.32900.ds4-3)
forky: resolved (fixed in 3.0.3.32900.ds4-3)
sid: resolved (fixed in 3.0.3.32900.ds4-3)
trixie: resolved (f
debian
CVE-2025-24975P3LOWCVSS 7.1fixed in firebird4.0 4.0.6.3221.ds6-1 (forky)2025
CVE-2025-24975 [HIGH] CVE-2025-24975: firebird3.0 - Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2....
Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. If connections stored in ExtConnPool are not verified for presence and suitability of the CryptCallback interface is used when created versus what is available could result in a segfault in the serv
debian
CVE-2017-6369P3HIGHCVSS 8.8fixed in firebird3.0 3.0.1.32609.ds4-14 (bookworm)2017
CVE-2017-6369 [HIGH] CVE-2017-6369: firebird3.0 - Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0....
Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a 'system' entrypoint from fbudf.so.
Scope: local
bookworm: resolved (fixed in 3.0.1.32609.ds4-14)
bullseye: resolved (fixed in 3.0.1.32609.ds4-14)
forky: resolved (fixed in 3.0.1.32609.ds4-14)
sid: resolved (fixe
debian
CVE-2025-54989P3MEDIUMCVSS 5.3fixed in firebird3.0 3.0.11.33637.ds4-2+deb12u1 (bookworm)2025
CVE-2025-54989 [MEDIUM] CVE-2025-54989: firebird3.0 - Firebird is a relational database. Prior to versions 3.0.13, 4.0.6, and 5.0.3, t...
Firebird is a relational database. Prior to versions 3.0.13, 4.0.6, and 5.0.3, there is an XDR message parsing NULL pointer dereference denial-of-service vulnerability in Firebird. This specific flaw exists within the parsing of xdr message from client. It leads to NULL pointer dereference and DoS. This issue has been patched in versions 3.0.13, 4.0.6, and 5.0
debian