Firebird NULL Pointer Dereference Denial-of-Service Vulnerability in XDR Message Parsing

Vulnerability

A denial-of-service vulnerability has been identified in the Firebird relational database management system in versions prior to 3.0.13, 4.0.6, and 5.0.3. The issue arises from a NULL pointer dereference during the parsing of XDR messages from clients, which can cause the database server to crash or become unresponsive.

Impact

Exploitation of this vulnerability causes a NULL pointer dereference, leading to a denial-of-service condition where the database server becomes unresponsive or crashes.

Remediation

Users can upgrade to Firebird versions 3.0.13, 4.0.6, or 5.0.3 to address this vulnerability.
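
To triage an inventory against the fixed releases listed above, the following added example (not part of the original advisory and not Firebird tooling) compares each reported version with the fixed release of its own branch. The host names, the sample version strings and the handling of branches the advisory does not name are assumptions.

```python
import re

# Fixed releases per release branch, as listed in the advisory's Remediation section.
FIXED = {(3, 0): (3, 0, 13), (4, 0): (4, 0, 6), (5, 0): (5, 0, 3)}

# Pulls major.minor.patch out of a reported version string; a trailing build
# number is ignored. The string shapes below are assumptions about inventory data.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?:\.\d+)?")


def parse_version(text):
    """Return (major, minor, patch) or None when no full version is present."""
    match = _VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def classify(text):
    """Return (status, upgrade_target) for one reported version string."""
    version = parse_version(text)
    if version is None:
        return ("unknown", None)  # needs a manual check, not a pass
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # Branch not named in the advisory. Anything older than the lowest fixed
        # release is still "prior to" it, but the page lists no in-branch fix.
        if version < min(FIXED.values()):
            return ("affected-no-fix-in-branch", None)
        return ("branch-not-listed", None)
    if version < fixed:
        return ("affected", ".".join(map(str, fixed)))
    return ("fixed", None)


def triage(inventory):
    """Map each host to its (status, upgrade_target)."""
    return {host: classify(reported) for host, reported in inventory.items()}


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = {
    "db-a": "LI-V3.0.12.33787 Firebird 3.0",
    "db-b": "WI-V4.0.6.3221 Firebird 4.0",
    "db-c": "5.0.2",
    "db-d": "LI-V2.5.9.27139 Firebird 2.5",
    "db-e": "Firebird 4.0",
}

if __name__ == "__main__":
    for host, (status, target) in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}" + (f" -> upgrade to {target}" if target else ""))
```

A version string without a patch level is reported as unknown instead of being treated as fixed, so those hosts still get a manual check.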

Added: Aug 15, 2025, 3:21 PM
Updated: Aug 15, 2025, 3:21 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 2.5
exploitability: 8.4
remediation: 7.7
relevance: 0.3
threat: 3.2
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.