Description
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCT_specific_data segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class's grow() method computes a negative size value, causing a SIGSEGV crash. An unauthenticated attacker who knows only the server's IP and port can exploit this to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
Published: 2026-04-17
Score: 8.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service (unprivileged crash)
Action: Patch
AI Analysis

Impact

Firebird versions prior to 5.0.4, 4.0.7, and 3.0.14 assume that CNCT_specific_data segments arrive in strictly ascending order during authentication. When these segments are received out of order, the Array class’s grow() method computes a negative size, resulting in a segmentation fault that crashes the server. This memory-safety flaw (classified as CWE-119 and CWE-787) allows an attacker who knows only the server’s IP and port to cause an unauthenticated denial of service by repeatedly triggering the crash.
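The failure mode described above, a size computed from an offset that is assumed to be ahead of the data already received and which goes negative when a segment arrives out of order, is illustrated below in a hypothetical buffer. This is an added example, not Firebird's code: SegmentBuffer, computeGrowUnchecked, appendSegment and the idea of a byte offset per segment are all assumptions made for the illustration, and nothing here reproduces Firebird's wire protocol. The point is the check a reassembly path should make before it ever resizes anything.

```cpp
// Added illustration, not Firebird's code: a reassembly buffer that assumes
// segments arrive in ascending order, the unchecked size arithmetic that goes
// negative when they do not, and the validation that prevents it.
#include <cstddef>
#include <cstdint>
#include <vector>

// Hypothetical buffer collecting one connect payload from several segments.
struct SegmentBuffer {
    std::vector<uint8_t> data;   // bytes received so far
    size_t max_size = 1024;      // hypothetical bound on a connect payload
};

// Unchecked arithmetic of the kind the description warns about: the amount to
// grow is derived from the segment's position, on the assumption that the
// segment continues what was already received. An out-of-order segment makes
// the result negative. The value is only returned here, never passed to a
// resize routine, so this example cannot crash.
long computeGrowUnchecked(const SegmentBuffer& b, size_t seg_offset, size_t seg_len) {
    return static_cast<long>(seg_offset + seg_len) - static_cast<long>(b.data.size());
}

enum class AppendResult { Ok, OutOfOrder, TooLarge };

// Hardened append: a segment is accepted only if it continues the data
// received so far (no gap, no overlap) and fits the bound. Both checks run
// before any growth of the buffer, so the size handed to the allocator is
// always a small non-negative value.
AppendResult appendSegment(SegmentBuffer& b, size_t seg_offset,
                           const uint8_t* seg, size_t seg_len) {
    if (seg_offset != b.data.size()) return AppendResult::OutOfOrder;
    if (seg_len > b.max_size || seg_offset > b.max_size - seg_len) return AppendResult::TooLarge;
    b.data.insert(b.data.end(), seg, seg + seg_len);
    return AppendResult::Ok;
}

// Constructed scenario: two in-order segments, then one that repeats an
// earlier offset. Returns true when the unchecked arithmetic goes negative for
// the out-of-order segment and the hardened path rejects it without altering
// the buffer.
bool outOfOrderIsRejected() {
    SegmentBuffer b;
    const uint8_t chunk[4] = {0x01, 0x02, 0x03, 0x04};  // constructed payload bytes
    if (appendSegment(b, 0, chunk, 4) != AppendResult::Ok) return false;
    if (appendSegment(b, 4, chunk, 4) != AppendResult::Ok) return false;
    if (b.data.size() != 8) return false;
    // A segment claiming offset 2 arrives after offsets 0..7 are already held.
    if (computeGrowUnchecked(b, 2, 4) >= 0) return false;   // -2 with the unchecked math
    if (appendSegment(b, 2, chunk, 4) != AppendResult::OutOfOrder) return false;
    if (b.data.size() != 8) return false;                   // buffer untouched
    // A segment that would exceed the bound is refused before any growth.
    if (appendSegment(b, 8, chunk, 2000) != AppendResult::TooLarge) return false;
    return b.data.size() == 8;
}
```

Rejecting the segment and closing the connection is the safe response at this layer; logging the remote address and the offending offset alongside the rejection gives operators a signal that someone is sending malformed connect traffic.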

Affected Systems

All FirebirdSQL Firebird database servers running a release before 5.0.4, before 4.0.7, or before 3.0.14 are affected; this covers the 5.x, 4.x, and 3.x branches of Firebird.

Risk and Exploitability

The CVSS score of 8.2 classifies the flaw as high severity, and the EPSS score is not available. The flaw is not listed in CISA KEV. Because the attack requires only knowledge of the server’s IP and port and does not need authentication, the potential for exploitation remains high. An unauthenticated attacker can repeatedly reset the database service, creating a significant availability risk for services that depend on Firebird. The lack of a current KEV listing suggests no widespread public exploitation yet, but the high CVSS and ease of exploit warrant swift remediation.

Generated by OpenCVE AI on April 18, 2026 at 09:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Firebird server to at least version 5.0.4, 4.0.7, or 3.0.14, which contain the patch that corrects the out-of-order segment handling.
  • After upgrading, stop and restart the Firebird service so the new code is loaded.
  • If upgrading cannot be performed immediately, restrict access to the Firebird port by firewall or network segmentation to prevent unauthenticated connections until the software is updated.


Advisories

No advisories yet.

History

Fri, 17 Apr 2026 19:45:00 +0000

Type: First Time appeared
Values Added: Firebirdsql; Firebirdsql firebird

Type: Vendors & Products
Values Added: Firebirdsql; Firebirdsql firebird

Fri, 17 Apr 2026 19:15:00 +0000

Type: Metrics
Values Added: ssvc
{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 17 Apr 2026 19:00:00 +0000

Type: Description
Values Removed: Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14,, when processing CNCT_specific_data segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class's grow() method computes a negative size value, causing a SIGSEGV crash. An unauthenticated attacker who knows only the server's IP and port can exploit this to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
Values Added: Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCT_specific_data segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class's grow() method computes a negative size value, causing a SIGSEGV crash. An unauthenticated attacker who knows only the server's IP and port can exploit this to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.

Fri, 17 Apr 2026 18:45:00 +0000

Type: Description
Values Added: Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14,, when processing CNCT_specific_data segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class's grow() method computes a negative size value, causing a SIGSEGV crash. An unauthenticated attacker who knows only the server's IP and port can exploit this to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.

Type: Title
Values Added: Firebird has Pre-Auth DOS when Processing Out of Order CNCT_specific_data Segments

Type: Weaknesses
Values Added: CWE-119; CWE-787

Type: References

Type: Metrics
Values Added: cvssV3_1
{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H'}

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-17T18:50:22.134Z

Reserved: 2026-02-24T15:19:29.716Z

Link: CVE-2026-27890

Vulnrichment

Updated: 2026-04-17T18:50:18.684Z

NVD

Status : Received

Published: 2026-04-17T19:16:34.993

Modified: 2026-04-17T19:16:34.993

Link: CVE-2026-27890

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T09:15:15Z

Weaknesses