Firebirdsql Firebird
16 CVEs affecting Firebirdsql Firebird. Latest disclosed: 2026-04-17. Critical: 1, High: 9.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-40342 | Critical | 10.0 | 2026-04-17 | Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates… |
| CVE-2026-28224 | High | 8.2 | 2026-04-17 | Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an op_crypt_key_callba… |
| CVE-2026-27890 | High | 8.2 | 2026-04-17 | Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCT_specific_data segments dur… |
| CVE-2025-65104 | High | 7.9 | 2026-04-17 | Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields… |
| CVE-2026-35215 | High | 7.5 | 2026-04-17 | Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdl_desc() function does not validate the l… |
| CVE-2026-34232 | High | 7.5 | 2026-04-17 | Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the xdr_status_vector() function does not handl… |
| CVE-2026-33337 | High | 7.5 | 2026-04-17 | Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdr_datu… |
| CVE-2026-28212 | High | 7.5 | 2026-04-17 | Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an op_slice network pack… |
| CVE-2023-41038 | High | 7.5 | 2024-03-20 | Firebird is a relational database. Versions 4.0.0 through 4.0.3 and version 5.0 beta1 are vulnerable to a server crash when a user uses a specific form of SET… |
| CVE-2025-24975 | High | 7.1 | 2025-08-15 | Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal… |
| CVE-2016-1569 | Medium | 6.5 | 2016-01-13 | FireBird 2.5.5 allows remote authenticated users to cause a denial of service (daemon crash) by using service manager to invoke the gbak utility with an invali… |
| CVE-2025-54989 | Medium | 5.3 | 2025-08-15 | Firebird is a relational database. Prior to versions 3.0.13, 4.0.6, and 5.0.3, there is an XDR message parsing NULL pointer dereference denial-of-service vulne… |
| CVE-2026-28214 | | | 2026-04-17 | Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the ClumpletReader::getClumpletSize() function… |
| CVE-2014-9323 | | | 2014-12-16 | The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereferen… |
| CVE-2013-2492 | | | 2013-03-15 | Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 18514, and 2.5.1 through 2.5.3 before 26623, on Windows allows remote attackers to execute a… |
| CVE-2012-5529 | | | 2012-11-20 | TraceManager in Firebird 2.5.0 and 2.5.1, when trace is enabled, allows remote authenticated users to cause a denial of service (NULL pointer dereference and c… |