CVE-2026-27890
Firebird has Pre-Auth DOS when Processing Out of Order CNCT_specific_data Segments
CVSS Score
8.2
EPSS Score
0.0%
EPSS Percentile
0th
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCT_specific_data segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class's grow() method computes a negative size value, causing a SIGSEGV crash. An unauthenticated attacker who knows only the server's IP and port can exploit this to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
| CWE | CWE-119 CWE-787 |
| Vendor | firebirdsql |
| Product | firebird |
| Published | Apr 17, 2026 |
| Last Updated | Apr 17, 2026 |
Stay Ahead of the Next One
Get instant alerts for firebirdsql firebird
Be the first to know when new high vulnerabilities affecting firebirdsql firebird are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
High
Affected Versions
FirebirdSQL / firebird
>= 3.0.0, < 3.0.14 >= 4.0.0, < 4.0.7 >= 5.0.0, < 5.0.4
References
github.com: https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6crx-4g37-7j49 github.com: https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14 github.com: https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7 github.com: https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4