CVE-2026-34232: CWE-228: Improper Handling of Syntactically Invalid Structure in FirebirdSQL firebird
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the xdr_status_vector() function does not handle the isc_arg_cstring type when decoding an op_response packet, causing a server crash when one is encountered in the status vector. An unauthenticated attacker can exploit this by sending a crafted op_response packet to the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
AI Analysis
Technical Summary
In affected versions, Firebird's xdr_status_vector() has no decode path for the isc_arg_cstring argument type. When the server decodes an op_response packet whose status vector contains an isc_arg_cstring entry, the server process crashes. op_response is the packet type the server itself normally sends to clients, but the server still parses one that arrives from a client, and it does so before any authentication has completed, so an unauthenticated remote attacker can trigger the crash with a single crafted packet. The outcome is a denial of service; no memory disclosure or code execution is described. Affected ranges are 3.0.0 up to but not including 3.0.14, 4.0.0 up to but not including 4.0.7, and 5.0.0 up to but not including 5.0.4. The fix ships in 3.0.14, 4.0.7 and 5.0.4.
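To make the failure mode concrete, here is an added example (not Firebird's own code) that models how a status vector travels inside an XDR packet and contrasts a decoder that has no branch for isc_arg_cstring with one that handles every tag it accepts and rejects the rest. The isc_arg_* tag values are the real ones from Firebird's public ibase.h; the on-the-wire layout of an isc_arg_cstring argument (length word plus bytes padded to four, like any XDR string), the sample packets and the naive decoder's fall-through to a numeric read are assumptions made for the illustration, not a description of the actual Firebird decoder. The naive decoder desynchronizes and dies on a truncated read, which is the same class of failure the advisory describes: a tag the decoder was never written for.

```python
"""Status-vector decoding as it crosses an XDR wire: a decoder without an
isc_arg_cstring branch versus one that handles every tag it accepts.
Added illustration, not Firebird's own code."""
import struct

# Argument tags from Firebird's public ibase.h (real values).
ISC_ARG_END = 0
ISC_ARG_GDS = 1
ISC_ARG_STRING = 2
ISC_ARG_CSTRING = 3
ISC_ARG_NUMBER = 4
ISC_ARG_INTERPRETED = 5
ISC_ARG_SQL_STATE = 19

# Tags carried as an XDR string (length word + bytes padded to 4).
STRING_TAGS = {ISC_ARG_STRING, ISC_ARG_INTERPRETED, ISC_ARG_SQL_STATE}
# Tags carried as a single 32-bit integer.
NUMBER_TAGS = {ISC_ARG_GDS, ISC_ARG_NUMBER}


class DecodeError(Exception):
    """Raised when the packet does not parse; a server should drop the connection."""


def _pad4(n: int) -> int:
    return (4 - n % 4) % 4


def xdr_long(buf: bytes, pos: int):
    """Read one big-endian 32-bit integer, refusing to run past the buffer."""
    if pos + 4 > len(buf):
        raise DecodeError(f"truncated integer at offset {pos}")
    return struct.unpack_from(">i", buf, pos)[0], pos + 4


def xdr_string(buf: bytes, pos: int):
    """Read a length-prefixed, 4-byte-padded byte string with a bounds check."""
    n, pos = xdr_long(buf, pos)
    if n < 0 or pos + n + _pad4(n) > len(buf):
        raise DecodeError(f"bad string length {n} at offset {pos - 4}")
    return buf[pos:pos + n], pos + n + _pad4(n)


def encode_status_vector(items) -> bytes:
    """Encode (tag, value) pairs terminated by isc_arg_end.
    Assumption: a cstring argument is laid out like any other XDR string."""
    out = bytearray()
    for tag, value in items:
        out += struct.pack(">i", tag)
        if tag in STRING_TAGS or tag == ISC_ARG_CSTRING:
            out += struct.pack(">i", len(value)) + value + b"\0" * _pad4(len(value))
        else:
            out += struct.pack(">i", value)
    out += struct.pack(">i", ISC_ARG_END)
    return bytes(out)


def decode_naive(buf: bytes):
    """Models the bug class: no branch for isc_arg_cstring, so the default
    numeric read consumes the length word and the string bytes are then
    parsed as tags.  The stream desynchronizes and a read runs off the end."""
    pos, items = 0, []
    while True:
        tag, pos = xdr_long(buf, pos)
        if tag == ISC_ARG_END:
            return items
        if tag in STRING_TAGS:
            value, pos = xdr_string(buf, pos)
        else:                       # isc_arg_cstring lands here by mistake
            value, pos = xdr_long(buf, pos)
        items.append((tag, value))


def decode_strict(buf: bytes):
    """Handles every tag it is willing to accept and fails closed on the rest."""
    pos, items = 0, []
    while True:
        tag, pos = xdr_long(buf, pos)
        if tag == ISC_ARG_END:
            return items
        if tag in STRING_TAGS or tag == ISC_ARG_CSTRING:
            value, pos = xdr_string(buf, pos)
        elif tag in NUMBER_TAGS:
            value, pos = xdr_long(buf, pos)
        else:
            raise DecodeError(f"unsupported status tag {tag} at offset {pos - 4}")
        items.append((tag, value))


def decodes_cleanly(decoder, buf: bytes) -> bool:
    """True if the decoder consumes the whole vector without raising."""
    try:
        decoder(buf)
        return True
    except DecodeError:
        return False


# Constructed sample: a GDS error code followed by a cstring argument.
CRAFTED = encode_status_vector([(ISC_ARG_GDS, 335544321), (ISC_ARG_CSTRING, b"crafted arg")])
# Constructed sample: a string tag claiming 2 GiB of payload inside a 10-byte packet.
OVERSIZED = struct.pack(">ii", ISC_ARG_STRING, 0x7FFFFFFF) + b"xx"

if __name__ == "__main__":
    print("naive :", "ok" if decodes_cleanly(decode_naive, CRAFTED) else "desynchronized and died")
    print("strict:", decode_strict(CRAFTED))
    print("strict rejects bad length:", not decodes_cleanly(decode_strict, OVERSIZED))
```

The strict decoder's two properties are the ones that matter for a network-facing parser: every tag it accepts has an explicit branch, and every variable-length field is bounds-checked against the packet before it is read, so a hostile vector produces a rejected connection rather than a crashed process.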
Potential Impact
An unauthenticated attacker who can reach the Firebird listener (TCP 3050 by default) can crash the server with a crafted op_response packet, causing a denial of service. The CVSS v3.1 vector records no confidentiality or integrity impact (C:N/I:N) and high availability impact (A:H); combined with a network attack vector, low complexity and no privileges or user interaction required, that yields the 7.5 (High) score. The blast radius depends on the server architecture: in SuperServer and SuperClassic modes every attached client shares one process, so a single packet drops every session on that server, while in Classic mode each connection runs in its own process and the crash is confined to the attacker's own connection. Against a SuperServer, repeated packets keep the service down for as long as the attacker cares to send them.
Mitigation Recommendations
Upgrade to 3.0.14, 4.0.7 or 5.0.4 (or a later release in the same branch). The fix is in the server, so every Firebird installation must be patched; no client-side change helps. Until then, keep the listener (TCP 3050 by default) off untrusted networks by firewalling it to known application hosts or placing it behind a VPN, since the packet is processed before authentication and no credentials are needed. A process supervisor that restarts the server (fbguard, or a systemd Restart= setting) shortens each outage but does not stop the attack, so treat unexplained server restarts as a signal worth investigating. The running engine version can be read over any connection with SELECT rdb$get_context('SYSTEM', 'ENGINE_VERSION') FROM rdb$database, which makes it straightforward to inventory which branch and release each server is on. Patch status is confirmed by the vendor's versioning information.
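As an added helper for the inventory step above (not a Firebird tool), the following maps observed engine versions to this advisory's fixed releases per branch. It accepts either the bare x.y.z string returned by rdb$get_context('SYSTEM', 'ENGINE_VERSION') or a longer server banner of the form the server reports, such as "WI-V5.0.2.1613 Firebird 5.0"; the host names and build numbers in the sample inventory are constructed for the illustration.

```python
"""Map observed Firebird engine versions to CVE-2026-34232's fixed releases.
Added helper, not a Firebird tool."""
import re

# First fixed release in each affected branch, from the advisory.
FIXED_BY_BRANCH = {3: (3, 0, 14), 4: (4, 0, 7), 5: (5, 0, 4)}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_engine_version(text: str):
    """Extract (major, minor, patch) from '5.0.2' or from a server banner
    such as 'LI-V5.0.2.1613 Firebird 5.0' (the first x.y.z run wins)."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(g) for g in m.groups())


def is_vulnerable(version):
    """True if the branch is affected and the release predates its fix,
    False if at or beyond the fix, None if the advisory does not cover the branch."""
    fixed = FIXED_BY_BRANCH.get(version[0])
    if fixed is None:
        return None
    return version < fixed


def triage(hosts):
    """hosts: host name -> version string collected from each server.
    Returns host name -> 'vulnerable' | 'fixed' | 'unlisted'."""
    labels = {True: "vulnerable", False: "fixed", None: "unlisted"}
    return {h: labels[is_vulnerable(parse_engine_version(v))] for h, v in hosts.items()}


# Constructed inventory for illustration; build numbers are made up.
INVENTORY = {
    "db-prod-1": "LI-V5.0.2.1613 Firebird 5.0",
    "db-prod-2": "5.0.4",
    "db-legacy": "3.0.12",
    "db-test": "WI-V4.0.7.3214 Firebird 4.0",
    "db-old": "2.5.9",
}

if __name__ == "__main__":
    for host, state in sorted(triage(INVENTORY).items()):
        print(f"{host:12s} {state}")
```

An "unlisted" result means the advisory says nothing about that branch, not that it is safe; such hosts need a separate decision.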
CVSS v3.1 Score: 7.5 (High)
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-03-26T16:22:29.034Z
- CVSS Version: 3.1
- State: PUBLISHED
- Remediation Level: null
Threat ID: 69e2889bbdfbbecc59818af8
Added to database: 4/17/2026, 7:23:07 PM
Last enriched: 4/25/2026, 2:59:46 AM
Last updated: 6/1/2026, 6:03:24 PM