Primary

Context

Firebird Buffer Overflow Vulnerability in Slice Packet Deserialization Allowing Server Crash

Vulnerability

Patched

A buffer overflow vulnerability has been identified in Firebird database versions prior to 5.0.4, 4.0.7, and 3.0.14. The issue arises in the xdr_datum() function, which improperly validates the length of cstrings during the deserialization of slice packets. This lack of validation allows an unauthenticated attacker to send a crafted packet that exceeds the allocated buffer, leading to a potential server crash or other security issues.

Impact

Exploitation of this vulnerability can cause a server crash or other unspecified security impacts.

Reproduction

The vulnerability can be reproduced by running the Firebird server and using a Python script to send a maliciously crafted slice packet that exploits the buffer overflow issue.

Remediation

Users can upgrade to Firebird versions 5.0.4, 4.0.7, or 3.0.14 to address this vulnerability.

Added: Apr 17, 2026, 7:40 PM

Updated: Apr 17, 2026, 7:40 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

3.8

exploitability

9.1

remediation

7.7

relevance

6.1

threat

6.4

urgency

2.9

incentive

8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

3.8

exploitability

9.1

remediation

7.7

relevance

6.1

threat

6.4

urgency

2.9

incentive

8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Firebird Buffer Overflow Vulnerability in Slice Packet Deserialization Allowing Server Crash

Vulnerability

Impact

Reproduction

Remediation

Affected Products

Firebird

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating