Description
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the ClumpletReader::getClumpletSize() function can overflow the totalLength value when parsing a Wide type clumplet, causing an infinite loop. An authenticated user with INSERT privileges on any table can exploit this via a crafted Batch Parameter Block to cause a denial of service against the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
Published: 2026-04-17
Score: 6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

The ClumpletReader::getClumpletSize() function in Firebird releases before 5.0.4, 4.0.7 and 3.0.14 can overflow the totalLength value when parsing a Wide type clumplet, which leads to an infinite loop in the server's batch creation process. An attacker with INSERT privileges on any table can construct a malicious Batch Parameter Block that triggers this overflow, causing the server to hang and denying service to legitimate users. The weakness is an integer overflow (CWE-190) that results in an unbounded loop (CWE-835): the computed size wraps, the reader never advances past the clumplet, and the parse loop has no other exit.
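To make the failure mode concrete, the following is an added example written for this page, not Firebird's own ClumpletReader code. It models a walker over a length-prefixed "wide" clumplet stream with the bug class described above (a 32-bit total-size computation that wraps to zero) beside a bounds-checked version. The layout (1-byte tag, 4-byte little-endian length, payload), the function names and the sample buffers are assumptions for illustration; the real Batch Parameter Block encoding is not reproduced here.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Assumed "wide" clumplet layout for this illustration (not Firebird's real
// ClumpletReader): 1-byte tag, 4-byte little-endian length, then payload.
static const uint32_t kHeaderSize = 5;

struct WalkResult {
    size_t clumplets;  // clumplets the walker stepped over
    bool stuck;        // vulnerable walker made no forward progress (the hang)
    bool rejected;     // hardened walker refused the buffer
};

static uint32_t readLen(const std::vector<uint8_t>& buf, size_t at) {
    return (uint32_t)buf[at] | ((uint32_t)buf[at + 1] << 8) |
           ((uint32_t)buf[at + 2] << 16) | ((uint32_t)buf[at + 3] << 24);
}

// Vulnerable pattern (CWE-190 leading to CWE-835): the total size is computed
// in 32 bits, so a declared length of 0xFFFFFFFB makes header + length wrap
// to 0 and the cursor never advances. The real bug loops forever; this model
// caps the iteration count so the demo returns and reports "stuck".
WalkResult walkVulnerable(const std::vector<uint8_t>& buf, size_t maxIter = 1000) {
    WalkResult r{0, false, false};
    size_t offset = 0;
    size_t iter = 0;
    while (offset + kHeaderSize <= buf.size()) {
        if (++iter > maxIter) { r.stuck = true; break; }
        uint32_t len = readLen(buf, offset + 1);
        uint32_t totalLength = kHeaderSize + len;  // wraps when len >= 0xFFFFFFFB
        offset += totalLength;                     // offset += 0: no progress
        r.clumplets++;
    }
    return r;
}

// Hardened walker: check the declared length against the bytes that actually
// remain before advancing. Because len <= remaining is established first, the
// size_t addition cannot exceed buf.size(), let alone wrap.
WalkResult walkHardened(const std::vector<uint8_t>& buf) {
    WalkResult r{0, false, false};
    size_t offset = 0;
    while (offset < buf.size()) {
        if (buf.size() - offset < kHeaderSize) { r.rejected = true; break; }  // truncated header
        uint32_t len = readLen(buf, offset + 1);
        size_t remaining = buf.size() - offset - kHeaderSize;
        if (len > remaining) { r.rejected = true; break; }  // payload cannot fit; catches the wrap case
        offset += kHeaderSize + (size_t)len;
        r.clumplets++;
    }
    return r;
}

// Constructed sample inputs (not captured traffic).
std::vector<uint8_t> makeGoodBlock() {
    // tag 1, len 3, "abc"; tag 2, len 0
    return {0x01, 0x03, 0x00, 0x00, 0x00, 'a', 'b', 'c',
            0x02, 0x00, 0x00, 0x00, 0x00};
}

std::vector<uint8_t> makeWrappingBlock() {
    // tag 1, len 0xFFFFFFFB: 5 + 0xFFFFFFFB == 2^32, which is 0 in 32 bits
    return {0x01, 0xFB, 0xFF, 0xFF, 0xFF};
}

int main() {
    WalkResult v = walkVulnerable(makeWrappingBlock());
    WalkResult h = walkHardened(makeWrappingBlock());
    std::printf("vulnerable: stuck=%d clumplets=%zu\n", (int)v.stuck, v.clumplets);
    std::printf("hardened:   rejected=%d clumplets=%zu\n", (int)h.rejected, h.clumplets);
    return 0;
}
```

The design point is that the fix is not "use a wider integer" alone: a 64-bit total would still let a hostile length push the cursor far past the buffer. Comparing the declared length against the bytes remaining, before any arithmetic on the cursor, rejects both the wrap and the plain overrun with one check.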

Affected Systems

The vulnerability is present in FirebirdSQL Firebird for all releases prior to 5.0.4, 4.0.7, and 3.0.14. Versions 5.0.4, 4.0.7, and 3.0.14 contain the fix and are not affected.

Risk and Exploitability

The CVSS 4.0 score of 6 indicates medium severity. The EPSS estimate is below 1% (Very Low), and the issue is not listed in the KEV catalog. The vector (AV:N/AC:L/AT:P/PR:L/UI:N) describes a network-reachable attack by a low-privileged authenticated user with no user interaction; the AT:P component records the precondition that the account holds INSERT privilege on some table. While the vulnerability does not allow arbitrary code execution or data exfiltration (VC:N/VI:N), the availability impact is high (VA:H): a single crafted request hangs the server and disrupts all sessions, which matters most in high-traffic environments.

Generated by OpenCVE AI on April 18, 2026 at 17:11 UTC.

Remediation

Fixed in Firebird 5.0.4, 4.0.7 and 3.0.14, as stated in the CVE description. No separate workaround is listed.

OpenCVE Recommended Actions

  • Upgrade any Firebird installation to at least version 3.0.14, 4.0.7, or 5.0.4, which contain the fix for the clumplet parsing overflow.
  • If an immediate upgrade is not possible, grant INSERT privileges only to accounts that need them and limit network access to the database port to trusted clients. The crafted Batch Parameter Block is built and sent by the client, so auditing server-side scripts does not detect it.
  • Add a liveness check that detects a server stuck during batch creation and restarts the service, and monitor logs for repeated incidents; a restart restores availability but does not stop a repeat, so correlate each hang with the authenticated user whose batch triggered it.



Advisories

No advisories yet.

History

Fri, 17 Apr 2026 21:15:00 +0000

Type                  Values Removed    Values Added
First Time appeared                     Firebirdsql
                                        Firebirdsql firebird
Vendors & Products                      Firebirdsql
                                        Firebirdsql firebird

Fri, 17 Apr 2026 19:00:00 +0000

Type         Values Removed    Values Added
Description                    Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the ClumpletReader::getClumpletSize() function can overflow the totalLength value when parsing a Wide type clumplet, causing an infinite loop. An authenticated user with INSERT privileges on any table can exploit this via a crafted Batch Parameter Block to cause a denial of service against the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
Title                          Firebird server hangs when using specific clumplet on batch creation
Weaknesses                     CWE-190
                               CWE-835
References
Metrics                        cvssV4_0: {'score': 6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-17T18:35:46.974Z

Reserved: 2026-02-25T15:28:40.649Z

Link: CVE-2026-28214

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-04-17T19:16:35.327

Modified: 2026-04-17T19:16:35.327

Link: CVE-2026-28214

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T17:15:05Z

Weaknesses