Vulnerability Description
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCT_specific_data segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class's grow() method computes a negative size value, causing a SIGSEGV crash. An unauthenticated attacker who knows only the server's IP and port can exploit this to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Firebirdsql | Firebird | < 3.0.14 |
Related Weaknesses (CWE)
References
- https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14Release Notes
- https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7Release Notes
- https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4Release Notes
- https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6crx-4g37-7j49ExploitVendor Advisory
FAQ
What is CVE-2026-27890?
CVE-2026-27890 is a vulnerability with a CVSS score of 8.2 (HIGH). Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCT_specific_data segments during authentication, the server assumes se...
How severe is CVE-2026-27890?
CVE-2026-27890 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-27890?
Check the references section above for vendor advisories and patch information. Affected products include: Firebirdsql Firebird.