PT-2026-33479 · Firebird+1 · Firebird+1

Published: 2026-04-17 · Updated: 2026-05-15 · CVE-2026-28214

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Firebird versions prior to 5.0.4
Firebird versions prior to 4.0.7
Firebird versions prior to 3.0.14

Description

The ClumpletReader::getClumpletSize() function can overflow the totalLength value when parsing a Wide type clumplet, leading to an infinite loop. An authenticated user with INSERT privileges on any table can exploit this by using a crafted Batch Parameter Block to cause a denial of service against the server.

Recommendations

Update to version 5.0.4
Update to version 4.0.7
Update to version 3.0.14

Fix

DoS

Infinite Loop

Integer Overflow

Weakness Enumeration

Related Identifiers

BDU:2026-05720
CVE-2026-28214
OESA-2026-2013
OESA-2026-2014
OESA-2026-2015
OESA-2026-2016
OESA-2026-2017

Affected Products

Firebird
Red Os