Firebirdsql Firebird vulnerabilities
46 known vulnerabilities affecting firebirdsql/firebird.
Total CVEs
46
CISA KEV
0
Public exploits
8
Exploited in wild
0
Severity breakdown
CRITICAL7HIGH19MEDIUM18LOW2
Vulnerabilities
Page 2 of 3
CVE-2025-65104P3HIGHCVSS 7.5fixed in 3.0.14fixed in 4.0.02026-04-17
CVE-2025-65104 [HIGH] CWE-200 CVE-2025-65104: Firebird is an open-source relational database management system. In versions FB3 of the client libr
Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by upgrading to the FB4 client or higher.
nvd
CVE-2023-41038P3HIGHCVSS 7.5≥ 4.0.0, ≤ 4.0.3v5.0+2 more2024-03-20
CVE-2023-41038 [HIGH] CWE-770 CVE-2023-41038: Firebird is a relational database. Versions 4.0.0 through 4.0.3 and version 5.0 beta1 are vulnerable
Firebird is a relational database. Versions 4.0.0 through 4.0.3 and version 5.0 beta1 are vulnerable to a server crash when a user uses a specific form of SET BIND statement. Any non-privileged user with minimum access to a server may type a statement with a long `CHAR` length, which causes the server to crash due to stack corruption. Versions 4.0.4.2
nvd
CVE-2025-54989P3HIGHCVSS 7.5fixed in 3.0.13≥ 4.0.0, < 4.0.6+3 more2025-08-15
CVE-2025-54989 [HIGH] CWE-476 CVE-2025-54989: Firebird is a relational database. Prior to versions 3.0.13, 4.0.6, and 5.0.3, there is an XDR messa
Firebird is a relational database. Prior to versions 3.0.13, 4.0.6, and 5.0.3, there is an XDR message parsing NULL pointer dereference denial-of-service vulnerability in Firebird. This specific flaw exists within the parsing of xdr message from client. It leads to NULL pointer dereference and DoS. This issue has been patched in versions 3.0.13, 4.0.6
nvd
CVE-2006-1240P4MEDIUMCVSS 4.6PoCv1.5v1.5.1+1 more2006-03-15
CVE-2006-1240 [MEDIUM] CVE-2006-1240: Buffer overflow in inet_server.cpp in (1) fb_inet_server and (2) fbserver in Firebird 1.5.2.4731 all
Buffer overflow in inet_server.cpp in (1) fb_inet_server and (2) fbserver in Firebird 1.5.2.4731 allows local users to gain privileges via a long value of the -p argument.
nvd
CVE-2026-28214P3MEDIUMCVSS 6.5fixed in 3.0.14≥ 4.0.0, < 4.0.7+4 more2026-04-17
CVE-2026-28214 [MEDIUM] CWE-190 CVE-2026-28214: Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the ClumpletReader::getClumpletSize() function can overflow the totalLength value when parsing a Wide type clumplet, causing an infinite loop. An authenticated user with INSERT privileges on any table can exploit this via a crafted Batch Pa
nvd
CVE-2003-0281P4MEDIUMCVSS 4.6PoCv1.0.22003-06-16
CVE-2003-0281 [MEDIUM] CVE-2003-0281: Buffer overflow in Firebird 1.0.2 and other versions before 1.5, and possibly other products that us
Buffer overflow in Firebird 1.0.2 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_inet_server, (2) gds_lock_mgr, or (3) gds_drop.
nvd
CVE-2016-1569P4MEDIUMCVSS 6.5v2.5.52016-01-13
CVE-2016-1569 [MEDIUM] CWE-20 CVE-2016-1569: FireBird 2.5.5 allows remote authenticated users to cause a denial of service (daemon crash) by usin
FireBird 2.5.5 allows remote authenticated users to cause a denial of service (daemon crash) by using service manager to invoke the gbak utility with an invalid parameter.
nvd
CVE-2007-2606P4HIGHCVSS 7.8v2.12007-05-11
CVE-2007-2606 [HIGH] CVE-2007-2606: Multiple buffer overflows in Firebird 2.1 allow attackers to trigger memory corruption and possibly
Multiple buffer overflows in Firebird 2.1 allow attackers to trigger memory corruption and possibly have other unspecified impact via certain input processed by (1) config\ConfigFile.cpp or (2) msgs\check_msgs.epp. NOTE: if ConfigFile.cpp reads a configuration file with restrictive permissions, then the ConfigFile.cpp vector may not cross privilege boundaries an
nvd
CVE-2007-4664P4HIGHCVSS 7.5≤ 2.0.12007-09-04
CVE-2007-4664 [HIGH] CWE-20 CVE-2007-4664: Unspecified vulnerability in the (1) attach database and (2) create database functionality in Firebi
Unspecified vulnerability in the (1) attach database and (2) create database functionality in Firebird before 2.0.2, when a filename exceeds MAX_PATH_LEN, has unknown impact and attack vectors, aka CORE-1405.
nvd
CVE-2006-7214P4HIGHCVSS 7.8v1.52007-06-29
CVE-2006-7214 [HIGH] CVE-2006-7214: Multiple unspecified vulnerabilities in Firebird 1.5 allow remote attackers to (1) cause a denial of
Multiple unspecified vulnerabilities in Firebird 1.5 allow remote attackers to (1) cause a denial of service (application crash) by sending many remote protocol versions; and (2) cause a denial of service (connection drop) via certain network traffic, as demonstrated by Nessus vulnerability scanning.
nvd
CVE-2004-0779P4HIGHCVSS 7.5v0.72004-08-18
CVE-2004-0779 [HIGH] CVE-2004-0779: The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers do not properly verify that c
The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers do not properly verify that cached passwords for SSL encrypted sites are only sent via SSL encrypted sessions to the site, which allows a remote attacker to cause a cached password to be sent in cleartext to a spoofed site.
nvd
CVE-2007-4668P4MEDIUMCVSS 5.0≤ 2.0.12007-09-04
CVE-2007-4668 [MEDIUM] CWE-119 CVE-2007-4668: Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to determin
Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to determine the existence of arbitrary files, and possibly obtain other "file access," via unknown vectors, aka CORE-1312.
nvd
CVE-2004-0718P4HIGHCVSS 7.5v0.72004-07-27
CVE-2004-0718 [HIGH] CVE-2004-0718: The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not pro
The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
nvd
CVE-2014-9323P4MEDIUMCVSS 5.0fixed in 2.1.7≥ 2.5, ≤ 2.5.32014-12-16
CVE-2014-9323 [MEDIUM] CWE-476 CVE-2014-9323: The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote att
The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status.
nvd
CVE-2007-3527P4MEDIUMCVSS 6.8v2.0.02007-07-03
CVE-2007-3527 [MEDIUM] CVE-2007-3527: Integer overflow in Firebird 2.0.0 allows remote authenticated users to cause a denial of service (C
Integer overflow in Firebird 2.0.0 allows remote authenticated users to cause a denial of service (CPU consumption) via certain database operations with multi-byte character sets that trigger an attempt to use the value 65536 for a 16-bit integer, which is treated as 0 and causes an infinite loop on zero-length data.
nvd
CVE-2003-0197P4HIGHCVSS 7.2v1.0.22003-04-11
CVE-2003-0197 [HIGH] CVE-2003-0197: Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local users to gain privileges via a l
Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local users to gain privileges via a long ISC_LOCK_ENV environment variable (INTERBASE_LOCK).
nvd
CVE-2006-7213P4MEDIUMCVSS 5.5v1.52007-06-29
CVE-2006-7213 [MEDIUM] CVE-2006-7213: Firebird 1.5 allows remote authenticated users without SYSDBA and owner permissions to overwrite a d
Firebird 1.5 allows remote authenticated users without SYSDBA and owner permissions to overwrite a database by creating a database.
nvd
CVE-2007-4667P4MEDIUMCVSS 5.0≤ 2.0.12007-09-04
CVE-2007-4667 [MEDIUM] CVE-2007-4667: Unspecified vulnerability in the Services API in Firebird before 2.0.2 allows remote attackers to ca
Unspecified vulnerability in the Services API in Firebird before 2.0.2 allows remote attackers to cause a denial of service, aka CORE-1149.
nvd
CVE-2007-4666P4MEDIUMCVSS 5.0≤ 2.0.12007-09-04
CVE-2007-4666 [MEDIUM] CWE-119 CVE-2007-4666: Unspecified vulnerability in the server in Firebird before 2.0.2, when a Superserver/TCP/IP environm
Unspecified vulnerability in the server in Firebird before 2.0.2, when a Superserver/TCP/IP environment is configured, allows remote attackers to cause a denial of service (CPU and memory consumption) via "large network packets with garbage", aka CORE-1397.
nvd
CVE-2006-7212P4MEDIUMCVSS 6.8v1.52007-06-29
CVE-2006-7212 [MEDIUM] CVE-2006-7212: Multiple buffer overflows in Firebird 1.5, one of which affects WNET, have unknown impact and attack
Multiple buffer overflows in Firebird 1.5, one of which affects WNET, have unknown impact and attack vectors. NOTE: this issue might overlap CVE-2006-1240.
nvd