{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28212", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-25T15:28:40.649Z", "datePublished": "2026-04-17T18:05:25.854Z", "dateUpdated": "2026-04-20T13:46:08.904Z"}, "containers": {"cna": {"title": "Firebird has potential server crash via null pointer dereference when processing op_slice packet", "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "lang": "en", "description": "CWE-476: NULL Pointer Dereference", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-9884-9qm3-hqch", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-9884-9qm3-hqch"}, {"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14", "tags": ["x_refsource_MISC"], "url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"}, {"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7", "tags": ["x_refsource_MISC"], "url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"}, {"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4", "tags": ["x_refsource_MISC"], "url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"}], "affected": [{"vendor": "FirebirdSQL", "product": "firebird", "versions": [{"version": "< 3.0.14", "status": "affected"}, {"version": ">= 4.0.0, < 4.0.7", "status": "affected"}, {"version": ">= 5.0.0, < 5.0.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-17T18:10:29.394Z"}, "descriptions": [{"lang": "en", "value": "Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an op_slice network packet, the server passes an unprepared structure containing a null pointer to the SDL_info() function, resulting in a null pointer dereference and server crash. An unauthenticated attacker can trigger this by sending a crafted packet to the server port. This issue has been fixed in versions 6.0.0, 5.0.4, 4.0.7 and 3.0.14."}], "source": {"advisory": "GHSA-9884-9qm3-hqch", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-28212", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-20T13:44:29.423772Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-20T13:46:08.904Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-28212", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-20T13:44:29.423772Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-20T13:45:08.674Z"}}], "cna": {"title": "Firebird has potential server crash via null pointer dereference when processing op_slice packet", "source": {"advisory": "GHSA-9884-9qm3-hqch", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "FirebirdSQL", "product": "firebird", "versions": [{"status": "affected", "version": "< 3.0.14"}, {"status": "affected", "version": ">= 4.0.0, < 4.0.7"}, {"status": "affected", "version": ">= 5.0.0, < 5.0.4"}]}], "references": [{"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-9884-9qm3-hqch", "name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-9884-9qm3-hqch", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14", "name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7", "name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4", "name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an op_slice network packet, the server passes an unprepared structure containing a null pointer to the SDL_info() function, resulting in a null pointer dereference and server crash. An unauthenticated attacker can trigger this by sending a crafted packet to the server port. This issue has been fixed in versions 6.0.0, 5.0.4, 4.0.7 and 3.0.14."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-17T18:10:29.394Z"}}}, "cveMetadata": {"cveId": "CVE-2026-28212", "state": "PUBLISHED", "dateUpdated": "2026-04-20T13:46:08.904Z", "dateReserved": "2026-02-25T15:28:40.649Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-17T18:05:25.854Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*", "matchCriteriaId": "53D811A2-F880-46E9-9F7F-1CE3AC487F67", "versionEndExcluding": "3.0.14", "vulnerable": true}, {"criteria": "cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*", "matchCriteriaId": "A4BC24D2-FBF7-4308-9914-6079DBDF88FA", "versionEndExcluding": "4.0.7", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*", "matchCriteriaId": "938978A3-90BE-4223-BDFC-5310A7C78D9B", "versionEndExcluding": "5.0.4", "versionStartIncluding": "5.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an op_slice network packet, the server passes an unprepared structure containing a null pointer to the SDL_info() function, resulting in a null pointer dereference and server crash. An unauthenticated attacker can trigger this by sending a crafted packet to the server port. This issue has been fixed in versions 6.0.0, 5.0.4, 4.0.7 and 3.0.14."}], "id": "CVE-2026-28212", "lastModified": "2026-04-24T19:54:47.800", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-17T19:16:35.180", "references": [{"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-9884-9qm3-hqch"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,3.0.14)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[4.0.0,4.0.7)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[5.0.0,5.0.4)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "firebird", "source": "cna", "vendor": "FirebirdSQL"}, "product": "firebird", "vendor": "firebirdsql"}], "analysis": {"en": {"generated_at": "2026-04-18T17:11:59.555636+00:00", "value": {"mitigation_remediation": ["Update Firebird to version 6.0.0, 5.0.4, 4.0.7, 3.0.14 or any later release that contains the fix.", "If an immediate upgrade is not feasible, restrict inbound traffic to the Firebird port to trusted hosts and consider firewall rules that block or drop op_slice packets.", "Continuously monitor server logs for repeated crashes or abnormal connections, and apply temporary service gating or isolation if the attack persists."], "summary": {"action": "Patch Immediately", "impact": "Remote Server Crash"}, "threat_synthesis": {"affected_systems": "FirebirdSQL\u2019s Firebird relational database server is impacted. Versions earlier than 6.0.0, 5.0.4, 4.0.7, and 3.0.14 contain the flaw. All releases 6.0.0 and later are considered fixed and not vulnerable.", "description_and_impact": "The vulnerability occurs when the Firebird server processes an op_slice network packet. The server passes an unprepared structure containing a null pointer to the SDL_info() function, which triggers a dereference and causes the server to crash. An attacker does not need authentication; by sending a crafted packet to the server port, the process terminates. The effect is a denial\u2011of\u2011service condition; there is no direct compromise of data confidentiality or integrity.", "risk_and_exploitability": "A CVSS score of 7.5 classifies this as high severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, indicating no documented exploitation to date. The attack vector is a remote, unauthenticated network attacker who can initiate the crash by sending a malformed op_slice packet to the Firebird port without any additional privileges."}}}}, "created": "2026-04-17T19:30:15.491841+00:00", "updated": "2026-04-18T17:15:05.785363+00:00", "vendors": ["firebirdsql", "firebirdsql$PRODUCT$firebird"]}