Description

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the xdr_status_vector() function does not handle the isc_arg_cstring type when decoding an op_response packet, causing a server crash when one is encountered in the status vector. An unauthenticated attacker can exploit this by sending a crafted op_response packet to the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.

INFO

Published Date :

2026-04-17T18:52:11.693Z

Last Modified :

2026-04-17T18:52:11.693Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-34232 vulnerability.

Vendors Products
Firebirdsql
  • Firebird
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-34232.

URL Resource
https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14 cve-icon cve-icon
https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7 cve-icon cve-icon
https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4 cve-icon cve-icon
https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7jq3-6j3c-5cm2 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact