CVE-2026-28212

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Firebird versions prior to 6.0.0 Firebird versions prior to 5.0.4 Firebird versions prior to 4.0.7 Firebird versions prior to 3.0.14

Description An unauthenticated attacker can cause a server crash by sending a crafted packet to the server port. This occurs when processing an 'op slice' network packet, where the server passes an unprepared structure containing a null pointer to the SDL info() function, leading to a null pointer dereference.

Recommendations Update to version 6.0.0 Update to version 5.0.4 Update to version 4.0.7 Update to version 3.0.14

Fix

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

BDU:2026-05715

CVE-2026-28212

OESA-2026-2013

OESA-2026-2014

OESA-2026-2015

OESA-2026-2016

OESA-2026-2017

Affected Products

Firebird

Red Os

CVE-2026-28212

Weakness Enumeration

Related Identifiers

Affected Products

References · 34