{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33337", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-18T22:15:11.812Z", "datePublished": "2026-04-17T18:48:47.953Z", "dateUpdated": "2026-04-17T19:21:17.132Z"}, "containers": {"cna": {"title": "Firebird has a buffer overflow when parsing corrupted slice packets", "problemTypes": [{"descriptions": [{"cweId": "CWE-120", "lang": "en", "description": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-502", "lang": "en", "description": "CWE-502: Deserialization of Untrusted Data", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-89mq-229g-x47p", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-89mq-229g-x47p"}, {"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14", "tags": ["x_refsource_MISC"], "url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"}, {"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7", "tags": ["x_refsource_MISC"], "url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"}, {"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4", "tags": ["x_refsource_MISC"], "url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"}], "affected": [{"vendor": "FirebirdSQL", "product": "firebird", "versions": [{"version": ">= 3.0.0, < 3.0.14", "status": "affected"}, {"version": ">= 4.0.0, < 4.0.7", "status": "affected"}, {"version": ">= 5.0.0, < 5.0.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-17T18:48:47.953Z"}, "descriptions": [{"lang": "en", "value": "Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdr_datum() function does not validate that a cstring length conforms to the slice descriptor bounds, allowing a cstring longer than the allocated buffer to overflow it. An unauthenticated attacker can exploit this by sending a crafted packet to the server, potentially causing a crash or other security impact. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14."}], "source": {"advisory": "GHSA-89mq-229g-x47p", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-17T19:21:08.979325Z", "id": "CVE-2026-33337", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-17T19:21:17.132Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33337", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-17T19:21:08.979325Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-17T19:21:13.730Z"}}], "cna": {"title": "Firebird has a buffer overflow when parsing corrupted slice packets", "source": {"advisory": "GHSA-89mq-229g-x47p", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "FirebirdSQL", "product": "firebird", "versions": [{"status": "affected", "version": ">= 3.0.0, < 3.0.14"}, {"status": "affected", "version": ">= 4.0.0, < 4.0.7"}, {"status": "affected", "version": ">= 5.0.0, < 5.0.4"}]}], "references": [{"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-89mq-229g-x47p", "name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-89mq-229g-x47p", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14", "name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7", "name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4", "name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdr_datum() function does not validate that a cstring length conforms to the slice descriptor bounds, allowing a cstring longer than the allocated buffer to overflow it. An unauthenticated attacker can exploit this by sending a crafted packet to the server, potentially causing a crash or other security impact. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-502", "description": "CWE-502: Deserialization of Untrusted Data"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-17T18:48:47.953Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33337", "state": "PUBLISHED", "dateUpdated": "2026-04-17T19:21:17.132Z", "dateReserved": "2026-03-18T22:15:11.812Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-17T18:48:47.953Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*", "matchCriteriaId": "9A79C5C5-09BC-4F38-8B00-F643818CC87D", "versionEndExcluding": "3.0.14", "versionStartIncluding": "3.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*", "matchCriteriaId": "A4BC24D2-FBF7-4308-9914-6079DBDF88FA", "versionEndExcluding": "4.0.7", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*", "matchCriteriaId": "938978A3-90BE-4223-BDFC-5310A7C78D9B", "versionEndExcluding": "5.0.4", "versionStartIncluding": "5.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdr_datum() function does not validate that a cstring length conforms to the slice descriptor bounds, allowing a cstring longer than the allocated buffer to overflow it. An unauthenticated attacker can exploit this by sending a crafted packet to the server, potentially causing a crash or other security impact. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14."}], "id": "CVE-2026-33337", "lastModified": "2026-04-27T14:26:16.380", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-17T19:16:36.223", "references": [{"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-89mq-229g-x47p"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}, {"lang": "en", "value": "CWE-502"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[3.0.0,3.0.14)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[4.0.0,4.0.7)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[5.0.0,5.0.4)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "firebird", "source": "cna", "vendor": "FirebirdSQL"}, "product": "firebird", "vendor": "firebirdsql"}], "analysis": {"en": {"generated_at": "2026-04-18T19:26:53.780618+00:00", "value": {"mitigation_remediation": ["Update the database server to Firebird 5.0.4, 4.0.7, 3.0.14 or later to apply the patch for the buffer overflow.", "Restrict external network access to the Firebird server or place it behind a firewall to limit exposure to unauthenticated attackers.", "Implement network segmentation and monitor for anomalous slice packet traffic to detect attempts to exploit the vulnerability."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service via buffer overflow"}, "threat_synthesis": {"affected_systems": "FirebirdSQL Firebird is affected in all releases before 5.0.4, 4.0.7, and 3.0.14. Users running these versions should verify their installed version and plan an upgrade.", "description_and_impact": "Firebird contains a buffer overflow in the xdr_datum() function when deserializing slice packets. The function fails to enforce that a cstring length matches the slice descriptor bounds, allowing a crafted packet to overflow the allocated buffer. This flaw is a classic internal buffer overflow (CWE\u2011120) and can lead to application crashes or denial of service by an unauthenticated attacker.", "risk_and_exploitability": "The CVSS score of 7.5 reflects a high severity impact. EPSS indicates a low likelihood of exploitation (less than 1%), and this vulnerability is not listed in the CISA KEV catalog. Because no authentication is required and the trigger is a network packet, the attack vector is remote. The vulnerability can cause crashes or other security impact, making it a high priority for remediation."}}}}, "created": "2026-04-17T20:30:15.693214+00:00", "updated": "2026-04-18T19:30:08.941883+00:00", "vendors": ["firebirdsql", "firebirdsql$PRODUCT$firebird"]}