CVE-2026-28214

Vulnerability Description

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the ClumpletReader::getClumpletSize() function can overflow the totalLength value when parsing a Wide type clumplet, causing an infinite loop. An authenticated user with INSERT privileges on any table can exploit this via a crafted Batch Parameter Block to cause a denial of service against the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.

Vulnerability Details

Published Date

April 17, 2026

Last Modified

April 17, 2026

CWE ID

CWE-190

Source

NVD

Vendor

FirebirdSQL

Product

firebird

External References

https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14
https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7
https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4
https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7cq5-994r-jhrf

CVE-2026-28214

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment