CVE-2026-33337

EUVD-2026-23482

17.04.2026, 19:16

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdr_datum() function does not validate that a cstring length conforms to the slice descriptor bounds, allowing a cstring longer than the allocated buffer to overflow it. An unauthenticated attacker can exploit this by sending a crafted packet to the server, potentially causing a crash or other security impact. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.

Classic Buffer Overflow

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 31%

Affected Products (NVD)

Vendor	Product	Version
firebirdsql	firebird	3.0.0 ≤ 𝑥 < 3.0.14
firebirdsql	firebird	4.0.0 ≤ 𝑥 < 4.0.7
firebirdsql	firebird	5.0.0 ≤ 𝑥 < 5.0.4

𝑥

= Vulnerable software versions

Known Exploits!

https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-89mq-229g-x47p

Common Weakness Enumeration

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References

https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14

https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7

https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4

https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-89mq-229g-x47p