CVE-2026-33337 in Firebirdthông tin

Tóm tắt

Bởi MITRE • 17/04/2026

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdr_datum() function does not validate that a cstring length conforms to the slice descriptor bounds, allowing a cstring longer than the allocated buffer to overflow it. An unauthenticated attacker can exploit this by sending a crafted packet to the server, potentially causing a crash or other security impact. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

chịu trách nhiệm

GitHub M

Đặt trước

18/03/2026

Tiết lộ

17/04/2026

Kiểm duyệt

được chấp nhận

mục

VDB-358102

CPE

sẵn sàng

CWE

CWE-120 (Đã xác nhận)

CVSS

7.5 (CNA)

EPSS

0.00127

KEV

không

Các hoạt động

rất thấp

ngành

Transportation, Finance, ...

Nguồn

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-33337
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-33337
CVE Details	https://www.cvedetails.com/cve/CVE-2026-33337/

◂ Trước Tổng Quan Tiếp theo ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!