CVE-2026-33337 in FirebirdИнформация

Сводка

по MITRE • 17.04.2026

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdr_datum() function does not validate that a cstring length conforms to the slice descriptor bounds, allowing a cstring longer than the allocated buffer to overflow it. An unauthenticated attacker can exploit this by sending a crafted packet to the server, potentially causing a crash or other security impact. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Ответственный

GitHub M

Резервировать

18.03.2026

Раскрытие

17.04.2026

Модерация

принято

Вход

VDB-358102

CPE

готов

CWE

CWE-120 (Подтверждённый)

CVSS

7.5 (CNA)

EPSS

0.00127

KEV

Нет

Деятельности

Очень низкий

Сектор

Telecommunication, Chemical, ...

Источники

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-33337
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-33337
CVE Details	https://www.cvedetails.com/cve/CVE-2026-33337/

◂ Предыдущий Обзор Далее ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!