CVE-2026-33337 in Firebirdinformación

Resumen

por MITRE • 2026-04-17

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdr_datum() function does not validate that a cstring length conforms to the slice descriptor bounds, allowing a cstring longer than the allocated buffer to overflow it. An unauthenticated attacker can exploit this by sending a crafted packet to the server, potentially causing a crash or other security impact. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

GitHub M

Reservar

2026-03-18

Divulgación

2026-04-17

Moderación

aceptado

Artículo

VDB-358102

CPE

listo

CWE

CWE-120 (confirmado)

CVSS

7.5 (CNA)

EPSS

0.00127

KEV

Actividades

muy bajo

Sector

Finance, Chemical, ...

Fuentes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-33337
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-33337
CVE Details	https://www.cvedetails.com/cve/CVE-2026-33337/

◂ Anterior Visión De Conjunto Próximo ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!