CVE-2026-28212

EUVD-2026-23462

17.04.2026, 19:16

Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an op_slice network packet, the server passes an unprepared structure containing a null pointer to the SDL_info() function, resulting in a null pointer dereference and server crash. An unauthenticated attacker can trigger this by sending a crafted packet to the server port. This issue has been fixed in versions 6.0.0, 5.0.4, 4.0.7 and 3.0.14.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 21%

Affected Products (NVD)

Vendor	Product	Version
firebirdsql	firebird	𝑥 < 3.0.14
firebirdsql	firebird	4.0.0 ≤ 𝑥 < 4.0.7
firebirdsql	firebird	5.0.0 ≤ 𝑥 < 5.0.4

𝑥

= Vulnerable software versions

Known Exploits!

https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-9884-9qm3-hqch

Common Weakness Enumeration

CWE-476 - NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

References

https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14

https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7

https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4

https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-9884-9qm3-hqch