HIGH🇬🇧 English

CVE-2026-34232

CVSS 7.5v3.1pub. 2026-04-17upd. 2026-04-27

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the xdr_status_vector() function does not handle the isc_arg_cstring type when decoding an op_response packet, causing a server crash when one is encountered in the status vector. An unauthenticated attacker can exploit this by sending a crafted op_response packet to the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Firebirdsql Firebird

    APP
    Firebirdsql
    3.0.0 – 3.0.14 (bez)4.0.0 – 4.0.7 (bez)5.0.0 – 5.0.4 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2026-40342CRITICAL9.9PL ✓ten sam produkt

RCE przez path traversal w ładowaniu wtyczek zewnętrznych Firebird

CVE-2026-27890HIGH8.2ten sam produkt

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14...

CVE-2026-28212HIGH7.5ten sam produkt

Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and...

CVE-2025-65104HIGH7.9ten sam produkt

Firebird is an open-source relational database management system. In versions FB3 of the client library placed...

CVE-2026-28224HIGH8.2ten sam produkt

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14...