Firebird
cpe:2.3:a:firebird:firebird:*:*:*:*:*:*:*
- <= 3.0.13
An information-leak vulnerability has been identified in the Firebird client library, versions 3.0.13 and earlier. When this client library communicates with a Firebird server of version 4.0 or higher, it incorrectly populates the data length values in the XSQLDA fields. This miscommunication can lead to unintended information disclosure.
Exploitation of this vulnerability causes an information leak: incorrect data length values are transmitted, potentially allowing unauthorized data access or manipulation.
Users can upgrade to Firebird client version 4.0.0 or higher to address this vulnerability. Alternatively, version 3.0.14 can be used once it is released.