Primary

Context

Firebird Denial-of-Service Vulnerability in op_response Packet Handling

Vulnerability

Patched

A denial-of-service vulnerability has been identified in Firebird versions prior to 5.0.4, 4.0.7, and 3.0.14. The issue arises in the xdr_status_vector() function, which fails to properly decode the isc_arg_cstring type in op_response packets. This oversight can lead to a server crash when an op_response packet containing this type is received. An unauthenticated attacker can exploit this vulnerability by sending a crafted op_response packet to the server.

Impact

Exploitation of this vulnerability causes a server crash, disrupting database services.

Reproduction

To reproduce this vulnerability, send an op_response packet containing the isc_arg_cstring type to a Firebird server running a vulnerable version. The server will crash upon processing the packet.

Remediation

Users can upgrade to Firebird versions 5.0.4, 4.0.7, or 3.0.14 to address this vulnerability.

Added: Apr 17, 2026, 8:25 PM

Updated: Apr 17, 2026, 8:25 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

2.5

exploitability

9.1

remediation

7.7

relevance

6.1

threat

6.4

urgency

2.9

incentive

8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

2.5

exploitability

9.1

remediation

7.7

relevance

6.1

threat

6.4

urgency

2.9

incentive

8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Firebird Denial-of-Service Vulnerability in op_response Packet Handling

Vulnerability

Impact

Reproduction

Remediation

Affected Products

Firebird

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating