Volerion logoVolerion
Volerion logoVolerion

Firebird Database Null Pointer Dereference Vulnerability Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in Firebird, an open-source relational database management system. This issue affects versions prior to 5.0.4, 4.0.7, and 3.0.14. The vulnerability arises when the server receives an 'op_crypt_key_callback' packet without prior authentication. In such cases, the 'port_server_crypt_callback' handler is not properly initialized, leading to a null pointer dereference and a server crash. An unauthenticated attacker who knows the server's IP and port can exploit this flaw to cause a crash.

Impact

Exploitation of this vulnerability leads to a null pointer dereference, causing the Firebird server to crash.

Reproduction

The vulnerability can be reproduced by sending an 'op_crypt_key_callback' packet to the server without prior authentication. This can be done using a script that establishes a connection to the server and sends the packet, which triggers the null pointer dereference and subsequent crash.

Remediation

Users can upgrade to Firebird versions 5.0.4, 4.0.7, or 3.0.14 to address this vulnerability.

Added: Apr 17, 2026, 7:28 PM
Updated: Apr 17, 2026, 7:28 PM

Vulnerability Rating

Custom Algorithm
spread
4.5
impact
2.5
exploitability
9.1
remediation
7.7
relevance
6.2
threat
6.4
urgency
2.9
incentive
8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.