2459246 – (CVE-2026-27890) CVE-2026-27890 Firebird: Firebird: Denial of Service via out-of-order authentication segments

Bug 2459246 (CVE-2026-27890) - CVE-2026-27890 Firebird: Firebird: Denial of Service via out-of-order authentication segments

Summary: CVE-2026-27890 Firebird: Firebird: Denial of Service via out-of-order authent...

Keywords:
Status:	NEW
Alias:	CVE-2026-27890
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2459255 2459257
Blocks:
TreeView+	depends on / blocked

Reported:	2026-04-17 19:01 UTC by OSIDB Bzimport
Modified:	2026-04-17 19:32 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-04-17 19:01:44 UTC

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCT_specific_data segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class's grow() method computes a negative size value, causing a SIGSEGV crash. An unauthenticated attacker who knows only the server's IP and port can exploit this to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.

Note You need to log in before you can comment on or make changes to this bug.