2459270 – (CVE-2026-34232) CVE-2026-34232 Firebird: Firebird: Denial of Service via crafted op_response packet

Bug 2459270 (CVE-2026-34232) - CVE-2026-34232 Firebird: Firebird: Denial of Service via crafted op_response packet

Summary: CVE-2026-34232 Firebird: Firebird: Denial of Service via crafted op_response ...

Keywords:
Status:	NEW
Alias:	CVE-2026-34232
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2459718 2459719 2459721 2459720
Blocks:
TreeView+	depends on / blocked

Reported:	2026-04-17 20:01 UTC by OSIDB Bzimport
Modified:	2026-04-20 13:00 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-04-17 20:01:29 UTC

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the xdr_status_vector() function does not handle the isc_arg_cstring type when decoding an op_response packet, causing a server crash when one is encountered in the status vector. An unauthenticated attacker can exploit this by sending a crafted op_response packet to the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.

Note You need to log in before you can comment on or make changes to this bug.