Firebird · Firebird · CVE-2025-24975
**Name of the Vulnerable Software and Affected Versions:**
Firebird versions prior to 4.0.6.3183
Firebird versions prior to 5.0.2.1610
Firebird versions prior to 6.0.0.609
**Description:**
Firebird is a relational database. If the `ExtConnPoolSize` parameter is not set to 0, a server process segfault may occur due to improper verification of connections stored in the `ExtConnPool` and the `CryptCallback` interface. This can affect both encrypted and unencrypted databases, particularly when execute statements are chained. In addition, an encrypted database that was accessed via an execute statement on an external connection may later be accessed by an attachment that is missing the necessary key.
**Recommendations:**
Firebird versions prior to 4.0.6.3183: Update to version 4.0.6.3183 or later.
Firebird versions prior to 5.0.2.1610: Update to version 5.0.2.1610 or later.
Firebird versions prior to 6.0.0.609: Update to version 6.0.0.609 or later.
As a workaround for all affected versions, set `ExtConnPoolSize` to 0 in the `firebird.conf` file.
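The following check is an added example, not code from the Firebird project: it compares a server build string with the fixed builds listed above and inspects `firebird.conf` text for the workaround. The function names and sample inputs are constructed, and it assumes the pool is disabled when `ExtConnPoolSize` is absent or commented out.

```python
import re

# Fixed builds per major branch, as listed in the advisory above.
FIXED = {4: (4, 0, 6, 3183), 5: (5, 0, 2, 1610), 6: (6, 0, 0, 609)}

# Constructed sample configuration, not taken from a real server.
SAMPLE_CONF = """\
#ExtConnPoolSize = 0
ExtConnPoolSize = 20   # pool enabled
ExtConnPoolLifeTime = 7200
"""

def parse_build(version):
    """Extract (major, minor, patch, build) from a string such as '5.0.1.1469'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"no four-part build number in {version!r}")
    return tuple(int(p) for p in m.groups())

def pool_settings(conf_text):
    """Return every active (uncommented) ExtConnPoolSize value in the text."""
    values = []
    for line in conf_text.splitlines():
        active = line.split("#", 1)[0]  # drop trailing and full-line comments
        m = re.match(r"\s*ExtConnPoolSize\s*=\s*(\S+)", active, re.IGNORECASE)
        if m:
            values.append(m.group(1))
    return values

def pool_enabled(conf_text):
    """True if any active value is not zero; unparsable values count as enabled.
    Assumption: with no active setting, the pool is off."""
    return any(not (v.isdigit() and int(v) == 0) for v in pool_settings(conf_text))

def assess(version, conf_text):
    """Classify a server against the advisory's fixed builds and workaround."""
    build = parse_build(version)
    fixed = FIXED.get(build[0])
    if fixed is None:
        return "branch not listed in advisory"
    if build >= fixed:
        return "patched"
    return "exposed" if pool_enabled(conf_text) else "mitigated by workaround"

if __name__ == "__main__":
    print(assess("4.0.5.3140", SAMPLE_CONF))
```

The check reads only the text it is given, so settings pulled in from other files or changed on a running server are not seen by it.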