cvebase

Firebirdsql Firebird vulnerabilities

46 known vulnerabilities affecting firebirdsql/firebird.

Total CVEs: 46
CISA KEV: 0
Public exploits: 8
Exploited in wild: 0
Severity breakdown: CRITICAL 7, HIGH 19, MEDIUM 18, LOW 2

Vulnerabilities

Page 1 of 3
CVE-2008-0387 | P2 | HIGH | CVSS 7.8 | PoC | ≤ 1.0.3; ≥ 1.5, < 1.5.6; +2 more | 2008-01-29
CWE-189: Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corrupt
nvd
CVE-2013-2492 | P2 | MEDIUM | CVSS 6.8 | PoC | v2.1.3; v2.1.4; +4 more | 2013-03-15
CWE-119: Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 18514, and 2.5.1 through 2.5.3 before 26623, on Windows allows remote attackers to execute arbitrary code via a crafted packet to TCP port 3050, related to a missing size check during extraction of a group number from CNCT information.
nvd
CVE-2007-3181 | P2 | CRITICAL | CVSS 10.0 | PoC | ≤ 2.0.0 | 2007-06-12
Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows remote attackers to execute arbitrary code via a large p_cnct_count value in a p_cnct structure in a connect (0x01) request to port 3050/tcp, related to "an InterBase version of gds32.dll."
nvd
CVE-2026-40342 | P2 | CRITICAL | CVSS 9.9 | fixed in 3.0.14; ≥ 4.0.0, < 4.0.7; +3 more | 2026-04-17
CWE-22: Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates a user-supplied engine name into a filesystem path without filtering path separators or .. components. An authenticated user with CREATE FUNCTION privileges can use a crafted ENGINE name to lo
nvd
CVE-2001-0008 | P3 | CRITICAL | CVSS 10.0 | PoC | ≤ 0.9.3 | 2001-02-12
Backdoor account in Interbase database server allows remote attackers to overwrite arbitrary files using stored procedures.
nvd
CVE-2017-11509 | P3 | HIGH | CVSS 8.8 | v2.5.7; v3.0.2 | 2018-03-28
CWE-89: An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement.
nvd
CVE-2007-4992 | P3 | CRITICAL | CVSS 10.0 | v2.0.2 | 2007-10-11
CWE-119: Stack-based buffer overflow in the process_packet function in fbserver.exe in Firebird SQL 2.0.2 allows remote attackers to execute arbitrary code via a long request to TCP port 3050.
nvd
CVE-2025-24975 | P3 | HIGH | CVSS 8.8 | ≥ 4.0.0, < 4.0.6; ≥ 5.0.0, < 5.0.2; +3 more | 2025-08-15
CWE-754: Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. If connections stored in ExtConnPool are not verified for presence and suitability of the CryptCallback interface is used when created versus what is available could result in a segfault
nvd
CVE-2017-6369 | P3 | HIGH | CVSS 8.8 | ≥ 2.5.0, < 2.5.7; ≥ 3.0.0, < 3.0.2 | 2017-03-24
CWE-862: Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a 'system' entrypoint from fbudf.so.
nvd
CVE-2007-5245 | P3 | CRITICAL | CVSS 10.0 | v1.5.3.4870; v1.5.4.4910 | 2007-10-06
CWE-119: Multiple stack-based buffer overflows in Firebird LI 1.5.3.4870 and 1.5.4.4910, and WI 1.5.3.4870 and 1.5.4.4910, allow remote attackers to execute arbitrary code via (1) a long service attach request on TCP port 3050 to the SVC_attach function or (2) unspecified vectors involving the INET_connect function.
nvd
CVE-2026-28224 | P3 | HIGH | CVSS 8.2 | fixed in 3.0.14; ≥ 4.0.0, < 4.0.7; +4 more | 2026-04-17
CWE-476: Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an op_crypt_key_callback packet without prior authentication, the port_server_crypt_callback handler is not initialized, resulting in a null pointer dereference and server crash. An unauthenticated attacker who knows
nvd
CVE-2007-5246 | P3 | CRITICAL | CVSS 10.0 | v2.0.0.12748; v2.0.1.12855 | 2007-10-06
CWE-119: Multiple stack-based buffer overflows in Firebird LI 2.0.0.12748 and 2.0.1.12855, and WI 2.0.0.12748 and 2.0.1.12855, allow remote attackers to execute arbitrary code via (1) a long attach request on TCP port 3050 to the isc_attach_database function or (2) a long create request on TCP port 3050 to the isc_create_database function.
nvd
CVE-2026-27890 | P3 | HIGH | CVSS 8.2 | fixed in 3.0.14; ≥ 4.0.0, < 4.0.7; +4 more | 2026-04-17
CWE-119: Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCT_specific_data segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class's grow() method computes a negative size value, causing a SIGS
nvd
CVE-2009-2620 | P4 | MEDIUM | CVSS 5.0 | PoC | ≥ 1.5, < 1.5.6; ≥ 2.0.0, < 2.0.6; +2 more | 2009-07-29
CWE-20: src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before 1.5.6, 2.0 before 2.0.6, 2.1 before 2.1.3, and 2.5 before 2.5 Beta 2 allows remote attackers to cause a denial of service (daemon crash) via a malformed op_connect_request message that triggers an infinite loop or NULL pointer dereference.
nvd
CVE-2008-0467 | P3 | CRITICAL | CVSS 10.0 | ≤ 2.0.3; ≤ 2.1 | 2008-01-29
CWE-119: Stack-based buffer overflow in Firebird before 2.0.4, and 2.1.x before 2.1.0 RC1, might allow remote attackers to execute arbitrary code via a long username.
nvd
CVE-2026-33337 | P3 | HIGH | CVSS 7.5 | ≥ 3.0.0, < 3.0.14; ≥ 4.0.0, < 4.0.7; +4 more | 2026-04-17
CWE-120: Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdr_datum() function does not validate that a cstring length conforms to the slice descriptor bounds, allowing a cstring longer than the allocated buffer to overflow it. An unauthenticated attacker can e
nvd
CVE-2026-28212 | P3 | HIGH | CVSS 7.5 | fixed in 3.0.14; ≥ 4.0.0, < 4.0.7; +3 more | 2026-04-17
CWE-476: Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an op_slice network packet, the server passes an unprepared structure containing a null pointer to the SDL_info() function, resulting in a null pointer dereference and server crash. An unauthenticated attacker can trig
nvd
CVE-2026-34232 | P3 | HIGH | CVSS 7.5 | ≥ 3.0.0, < 3.0.14; ≥ 4.0.0, < 4.0.7; +4 more | 2026-04-17
CWE-228: Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the xdr_status_vector() function does not handle the isc_arg_cstring type when decoding an op_response packet, causing a server crash when one is encountered in the status vector. An unauthenticated attacker can exploit this by sending a craf
nvd
CVE-2026-35215 | P3 | HIGH | CVSS 7.5 | ≥ 3.0.0, < 3.0.14; ≥ 4.0.0, < 4.0.7; +4 more | 2026-04-17
CWE-369: Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdl_desc() function does not validate the length of a decoded SDL descriptor from a slice packet. A zero-length descriptor is later used to calculate the number of slice items, causing a division by zero. An unauthenticated attacker can e
nvd
CVE-2004-2043 | P4 | MEDIUM | CVSS 5.0 | PoC | v1.0 | 2004-05-01
Buffer overflow in ibserver for Firebird Database 1.0 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows remote attackers to cause a denial of service (crash) via a long database name, as demonstrated using the gsec command.
nvd