PT-2026-33482 · Firebird+1 · Firebird+1

High · dyemanov · Published 2026-04-17 · Updated 2026-05-15 · CVE-2026-33337

CVSS v2.0: 7.8 High

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Firebird versions prior to 5.0.4
Firebird versions prior to 4.0.7
Firebird versions prior to 3.0.14

Description

An issue exists during the deserialization of a slice packet: the xdr_datum() function fails to validate that a cstring length conforms to the slice descriptor bounds. As a result, a cstring longer than the allocated buffer overflows it. An unauthenticated attacker can exploit this by sending a crafted packet to the server, potentially causing a crash or other security impact.

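
The bounds check described above, shown on a simplified length-prefixed decoder. This is an added example, not Firebird's code: the elem_desc type, the wire layout (32-bit big-endian length followed by the bytes), the return codes and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified stand-in for a slice element descriptor (hypothetical type). */
typedef struct {
    uint8_t *data;    /* element storage inside the slice buffer */
    size_t   length;  /* bytes reserved for this element, including the NUL */
} elem_desc;

enum { DEC_OK = 0, DEC_TRUNCATED = -1, DEC_TOO_LONG = -2 };

/* Decode one cstring (constructed wire layout: 32-bit big-endian length,
 * then the bytes) into the element described by d; *off advances on success. */
int decode_cstring(const uint8_t *in, size_t in_len, size_t *off,
                   const elem_desc *d)
{
    if (*off > in_len || in_len - *off < 4)
        return DEC_TRUNCATED;
    const uint8_t *p = in + *off;
    uint32_t n = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                 ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];

    /* The sender-supplied length must fit the descriptor, leaving room for
     * the terminator. Without this check the memcpy below would write past
     * the element, which is the failure the description reports. */
    if (d->length == 0 || n > d->length - 1)
        return DEC_TOO_LONG;
    /* The length must also fit in the bytes actually received. */
    if (n > in_len - *off - 4)
        return DEC_TRUNCATED;

    memcpy(d->data, p + 4, n);
    d->data[n] = '\0';
    *off += 4 + (size_t)n;
    return DEC_OK;
}

/* Constructed sample: decode pkt into an 8-byte element followed by a guard
 * byte; returns the decoder result, or -100 if the guard byte was modified. */
int demo(const uint8_t *pkt, size_t pkt_len)
{
    uint8_t slice[9];
    memset(slice, 0xAA, sizeof slice);
    elem_desc d = { slice, 8 };
    size_t off = 0;
    int rc = decode_cstring(pkt, pkt_len, &off, &d);
    return slice[8] == 0xAA ? rc : -100;
}
```
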
Recommendations

Update to version 5.0.4
Update to version 4.0.7
Update to version 3.0.14

Fix

DoS

Buffer Overflow

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

BDU:2026-05714
CVE-2026-33337
OESA-2026-2013
OESA-2026-2014
OESA-2026-2015
OESA-2026-2016
OESA-2026-2017

Affected Products

Firebird
Red Os