← Retour aux CVEs
CVE-2026-28214
N/ADescription
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the ClumpletReader::getClumpletSize() function can overflow the totalLength value when parsing a Wide type clumplet, causing an infinite loop. An authenticated user with INSERT privileges on any table can exploit this via a crafted Batch Parameter Block to cause a denial of service against the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
Details CVE
Score CVSS v3.1N/A
Publie4/17/2026
Derniere modification4/17/2026
Sourcenvd
Observations honeypot0
Faiblesses (CWE)
CWE-190CWE-835
References
https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14(security-advisories@github.com)
https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7(security-advisories@github.com)
https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4(security-advisories@github.com)
https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7cq5-994r-jhrf(security-advisories@github.com)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.