regarding the security alert


Rand Random

Aug 14, 2025, 2:37:45 AM
to firebird-general
Regarding this news article

I couldn't find any detailed information about this topic, couldn't find any CVE id or GitHub issue.
Can you help me figure out what the danger of that security risk is?

Can a bad actor execute remote code? Can it bypass login and read data from the database? So, what is the worst case scenario a bad actor can achieve by exploiting this vulnerability?

Any further information is welcome.

Pavel Cisar

Aug 14, 2025, 2:50:57 AM
to firebird...@googlegroups.com
Hi,

The vulnerability allows remote unauthenticated users to cause a denial
of service via a NULL pointer dereference and subsequent crash of the
server.

The exploit requires network access to the server. Obviously servers
with a publicly accessible IP address are more vulnerable.

A malicious user can cause a DoS attack on a Firebird server by sending
a specific sequence of bytes. It is not necessary to be logged in to the
server. To exploit the vulnerability, it is sufficient to have access to
the Firebird port.

The Classic server architecture is less vulnerable, inasmuch as existing
connections will remain active. However if the attack is sustained no
new connections will be possible for the lifetime of the attack, no
matter which architecture is used.

It is not known if ZDI has developed a proof of concept. However, once
the vulnerability is published one should expect rogue users to develop
an attack. With increased access to LLMs to generate code the
development of exploits of all kinds has become considerably easier.

Users should update their installation to a fixed version.

regards
Pavel Cisar
IBPhoenix


Rand Random

Aug 18, 2025, 5:05:38 AM
to firebird-general
Thanks for the info, regarding this news article:

Which seems to contradict your statements, that the only thing possible is a "DoS" attack, so the only thing to "worry" about is that a server may go down because of the amount of requests, and not that a bad actor can read data from the database.

So, what is the truth?

and just to have the links in here as well
pointing to GitHub entries:

Rand Random

Aug 18, 2025, 10:19:57 AM
to firebird-general
In retrospect it seems the firebirdsql.org news article is only referring to this issue:

which has no workaround, is ONLY the DoS attack, and applies to all firebird versions 2.5.x, 3.x.x, 4.x.x and 5.x.x.

while there is this second issue

Which didn't get mentioned in the firebirdsql.org at all, and if I understood you correctly, you also weren't referring to.

which DOES have a workaround (to use ExtConnPoolSize=0 which is the default), is NOT only a DoS attack and CAN BE used to read data from the database, and applies ONLY to firebird 4.x and 5.x.

Did I fully grasp the current situation?
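
A check for the workaround setting named in the post above (ExtConnPoolSize=0), as an added example that is not part of the thread and not Firebird's own code. It assumes firebird.conf uses `Name = Value` lines with `#` comments, case-insensitive names and last-assignment-wins; the sample configs are constructed.

```python
import re

# Assumptions (not from the thread): "Name = Value" lines, "#" starts a
# comment, names match case-insensitively, the last assignment wins.
SETTING = "ExtConnPoolSize"
DEFAULT = 0  # default value as stated in the post above

# Constructed sample configs for illustration.
SAMPLE_DEFAULT = """\
# firebird.conf (constructed sample)
#ExtConnPoolSize = 0
RemoteServicePort = 3050
"""
SAMPLE_ENABLED = """\
RemoteServicePort = 3050
ExtConnPoolSize = 50   # pool enabled
"""

def effective_pool_size(conf_text):
    """Return (value, line_number) for the effective ExtConnPoolSize.
    line_number is None when the setting is absent or commented out."""
    value, where = DEFAULT, None
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        m = re.fullmatch(r"(\w+)\s*=\s*(\S+)", line)
        if not m or m.group(1).lower() != SETTING.lower():
            continue
        try:
            value, where = int(m.group(2)), lineno
        except ValueError:
            # Unparseable value: keep the raw text so it is reported,
            # and never treated as the safe setting.
            value, where = m.group(2), lineno
    return value, where

def workaround_active(conf_text):
    """True only when the effective value is exactly 0."""
    value, _ = effective_pool_size(conf_text)
    return value == 0

if __name__ == "__main__":
    for name, text in (("default", SAMPLE_DEFAULT), ("enabled", SAMPLE_ENABLED)):
        value, where = effective_pool_size(text)
        src = f"line {where}" if where else "default (not set)"
        state = "workaround in effect" if workaround_active(text) else "REVIEW"
        print(f"{name}: {SETTING}={value} from {src}: {state}")
```
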