CVE-2026-34232
Received Received - Intake
Server Crash via Improper Status Vector Handling in Firebird

Publication date: 2026-04-17

Last updated on: 2026-04-27

Assigner: GitHub, Inc.

Description
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the xdr_status_vector() function does not handle the isc_arg_cstring type when decoding an op_response packet, causing a server crash when one is encountered in the status vector. An unauthenticated attacker can exploit this by sending a crafted op_response packet to the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-17
Last Modified
2026-04-27
Generated
2026-06-16
AI Q&A
2026-04-17
EPSS Evaluated
2026-06-14
NVD
CVE-2026-34232
EUVD
EUVD-2026-23486
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
firebirdsql firebird From 4.0.0 (inc) to 4.0.7 (exc)
firebirdsql firebird From 5.0.0 (inc) to 5.0.4 (exc)
firebirdsql firebird From 3.0.0 (inc) to 3.0.14 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-228 The product does not handle or incorrectly handles input that is not syntactically well-formed with respect to the associated specification.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Firebird open-source relational database management system in versions prior to 5.0.4, 4.0.7, and 3.0.14. The issue is in the xdr_status_vector() function, which does not properly handle the isc_arg_cstring type when decoding an op_response packet. When such a packet containing this type is processed, it causes the server to crash.

An unauthenticated attacker can exploit this vulnerability by sending a specially crafted op_response packet to the server, triggering the crash.

Impact Analysis

The primary impact of this vulnerability is a denial of service (DoS) condition caused by the server crashing when processing a maliciously crafted packet. This can disrupt availability of the Firebird database server, potentially causing downtime and loss of service.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade Firebird to version 5.0.4, 4.0.7, or 3.0.14 or later, as these versions contain the fix for the issue.

Compliance Impact

The vulnerability causes a server crash due to improper handling of a specific data type in the status vector, which can be triggered by an unauthenticated attacker sending a crafted packet.

There is no information provided about any impact on data confidentiality, integrity, or availability beyond the server crash, nor about any direct effects on compliance with standards such as GDPR or HIPAA.

Therefore, based on the provided information, it is not possible to determine how this vulnerability affects compliance with common standards and regulations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-34232. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart