2459241 – (CVE-2025-65104) CVE-2025-65104 Firebird: firebird3 client: FirebirdSQL/firebird: Firebird Client: Information leak when communicating with newer servers

Bug 2459241 (CVE-2025-65104) - CVE-2025-65104 Firebird: firebird3 client: FirebirdSQL/firebird: Firebird Client: Information leak when communicating with newer servers

Summary: CVE-2025-65104 Firebird: firebird3 client: FirebirdSQL/firebird: Firebird Cli...

Keywords:
Status:	NEW
Alias:	CVE-2025-65104
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2459262 2459263
Blocks:
TreeView+	depends on / blocked

Reported:	2026-04-17 19:01 UTC by OSIDB Bzimport
Modified:	2026-04-17 19:33 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-04-17 19:01:20 UTC

Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by upgrading to the FB4 client or higher.

Note You need to log in before you can comment on or make changes to this bug.