7.5
CVE-2026-34232
- EPSS 0.11%
- Veröffentlicht 17.04.2026 18:52:11
- Zuletzt bearbeitet 27.04.2026 14:27:50
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
Firebird: DoS via `op_response` packet from client
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the xdr_status_vector() function does not handle the isc_arg_cstring type when decoding an op_response packet, causing a server crash when one is encountered in the status vector. An unauthenticated attacker can exploit this by sending a crafted op_response packet to the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Firebirdsql ≫ Firebird Version >= 3.0.0 < 3.0.14
Firebirdsql ≫ Firebird Version >= 4.0.0 < 4.0.7
Firebirdsql ≫ Firebird Version >= 5.0.0 < 5.0.4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.292 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-228 Improper Handling of Syntactically Invalid Structure
The product does not handle or incorrectly handles input that is not syntactically well-formed with respect to the associated specification.