Description

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCT_specific_data segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class's grow() method computes a negative size value, causing a SIGSEGV crash. An unauthenticated attacker who knows only the server's IP and port can exploit this to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.

INFO

Published Date :

2026-04-17T18:14:29.433Z

Last Modified :

2026-04-17T18:50:22.134Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-27890 vulnerability.

Vendors Products
Firebirdsql
  • Firebird
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-27890.

URL Resource
https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14 cve-icon cve-icon
https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7 cve-icon cve-icon
https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4 cve-icon cve-icon
https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6crx-4g37-7j49 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact