CVE-2026-28212
Null Pointer Dereference in Firebird Server Causes Crash
Publication date: 2026-04-17
Last updated on: 2026-04-24
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| firebirdsql | firebird | to 3.0.14 (exc) |
| firebirdsql | firebird | From 4.0.0 (inc) to 4.0.7 (exc) |
| firebirdsql | firebird | From 5.0.0 (inc) to 5.0.4 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Firebird open-source relational database management system in versions prior to 6.0.0, 5.0.4, 4.0.7, and 3.0.14. When the server processes a specific network packet called op_slice, it passes an unprepared structure containing a null pointer to the SDL_info() function. This causes a null pointer dereference, which leads to the server crashing.
An unauthenticated attacker can exploit this vulnerability by sending a specially crafted packet to the server port, triggering the crash.
The issue has been fixed in the mentioned versions 6.0.0, 5.0.4, 4.0.7, and 3.0.14.
How can this vulnerability impact me? :
This vulnerability can cause the Firebird database server to crash due to a null pointer dereference triggered by an unauthenticated attacker sending a crafted network packet.
The impact is a denial of service (DoS) condition, making the database unavailable until it is restarted or recovered.
Since the attacker does not need authentication, this can be exploited remotely, potentially disrupting services relying on the database.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade Firebird to one of the fixed versions: 6.0.0, 5.0.4, 4.0.7, or 3.0.14.
This will prevent unauthenticated attackers from triggering the null pointer dereference and server crash by sending crafted op_slice network packets.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability causes a server crash due to a null pointer dereference triggered by an unauthenticated attacker sending a crafted packet. It results in availability impact (denial of service) but does not affect confidentiality or integrity of data.
Since the vulnerability does not lead to unauthorized access or data leakage, it does not directly impact compliance with data protection standards such as GDPR or HIPAA, which primarily focus on confidentiality and integrity of personal or health data.
However, the denial of service could affect system availability, which may be a consideration under some regulatory frameworks that require systems to be resilient and available.