8.2
CVE-2026-28224
- EPSS 0.4%
- Veröffentlicht 17.04.2026 18:38:58
- Zuletzt bearbeitet 24.04.2026 19:45:57
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
Firebird Null Pointer Dereference via CryptCallback causes DOS
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an op_crypt_key_callback packet without prior authentication, the port_server_crypt_callback handler is not initialized, resulting in a null pointer dereference and server crash. An unauthenticated attacker who knows only the server's IP and port can exploit this to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Firebirdsql ≫ Firebird Version < 3.0.14
Firebirdsql ≫ Firebird Version >= 4.0.0 < 4.0.7
Firebirdsql ≫ Firebird Version >= 5.0.0 < 5.0.4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.4% | 0.605 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 8.2 | 3.9 | 4.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
|
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.