PT-2026-33476 · Firebird+1 · Firebird+1

Published: 2026-04-17 · Updated: 2026-05-15 · CVE-2026-27890

CVSS v2.0: 8.5 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:C
Name of the Vulnerable Software and Affected Versions

Firebird versions prior to 5.0.4
Firebird versions prior to 4.0.7
Firebird versions prior to 3.0.14

Description

An issue exists during authentication when processing CNCT specific data segments. The server assumes these segments arrive in strictly ascending order; however, if they arrive out of order, the grow() method of the Array class computes a negative size value, leading to a SIGSEGV crash (a segmentation fault where the program attempts to access a memory location that it is not allowed to access). An unauthenticated attacker with knowledge of the server IP and port can trigger this crash.

Recommendations

Update to version 5.0.4
Update to version 4.0.7
Update to version 3.0.14
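
The defensive pattern behind the description above, as an added example: a simplified model of order-independent segment reassembly, not Firebird source and not the project's actual patch. The segment layout (index plus payload at a fixed stride), the constants SEG_MAX and MAX_SEGS, and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SEG_MAX  8   /* assumed payload bytes per segment (constructed) */
#define MAX_SEGS 16  /* assumed cap on segment index (constructed) */
typedef struct { unsigned char *data, seen[MAX_SEGS]; size_t count, cap; } reasm_t;

/* Grow-only resize, zero-filling the new tail. A smaller request is refused,
   so the fill length (new_count - count) can never wrap around. */
static int buf_grow(reasm_t *r, size_t new_count)
{
    if (new_count < r->count) return -1;
    if (new_count > r->cap) {
        unsigned char *p = realloc(r->data, new_count);
        if (!p) return -1;
        r->data = p; r->cap = new_count;
    }
    memset(r->data + r->count, 0, new_count - r->count);
    r->count = new_count;
    return 0;
}

/* Store one segment at its own offset; arrival order does not matter. */
int add_segment(reasm_t *r, unsigned idx, const void *payload, size_t len)
{
    if (idx >= MAX_SEGS || len == 0 || len > SEG_MAX || r->seen[idx])
        return -1;                    /* bad index, bad size, or duplicate */
    size_t off = (size_t)idx * SEG_MAX;
    if (off + len > r->count && buf_grow(r, off + len) != 0)
        return -1;                    /* grow only when the end moves out */
    memcpy(r->data + off, payload, len);
    r->seen[idx] = 1;
    return 0;
}

/* Total length if every segment below the highest one was seen, else -1. */
long finish(const reasm_t *r)
{
    for (size_t i = 0; i < (r->count + SEG_MAX - 1) / SEG_MAX; i++)
        if (!r->seen[i]) return -1;
    return (long)r->count;
}

int main(void)
{
    reasm_t r = {0};                  /* constructed input: segment 1 first */
    if (add_segment(&r, 1, "BBBBBBBB", 8) || add_segment(&r, 0, "AAAAAAAA", 8)) return 1;
    printf("%ld bytes reassembled\n", finish(&r)); free(r.data); return 0;
}
```

In this model the earlier segment arriving second is copied into space that already exists, so no resize to a smaller size is ever requested; buf_grow rejects such a request outright as a second line of defence.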

Fix

DoS

Buffer Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2026-05719
CVE-2026-27890
OESA-2026-2013
OESA-2026-2014
OESA-2026-2015
OESA-2026-2016
OESA-2026-2017

Affected Products

Firebird
Red Os