Dmitry Kovalenko

**Name of the Vulnerable Software and Affected Versions** Firebird versions 2.1.x through 2.1.6 Firebird versions 2.5.x through 2.5.2 **Description** The issue is related to the `xdr status vector` function and is caused by pointer dereference errors. It allows remote attackers to cause a denial of service, resulting in a NULL pointer dereference, segmentation fault, and crash, via an `op response` action with a non-empty status. **Recommendations** For Firebird versions 2.1.x through 2.1.6, update to version 2.1.7 or later. For Firebird versions 2.5.x through 2.5.2, update to version 2.5.3 SU1 or later. As a temporary workaround, consider restricting access to the `xdr status vector` function until a patch is available.