CVE-2026-28214 PUBLISHED

Firebird server hangs when using specific clumplet on batch creation

Assigner: GitHub_M
Reserved: 25.02.2026 Published: 17.04.2026 Updated: 17.04.2026

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the ClumpletReader::getClumpletSize() function can overflow the totalLength value when parsing a Wide type clumplet, causing an infinite loop. An authenticated user with INSERT privileges on any table can exploit this via a crafted Batch Parameter Block to cause a denial of service against the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.

Metrics

CVSS 4.0

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
CVSS Score: 6

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Network	Confidentiality	None	Confidentiality	None
Attack Complexity	Low	Integrity	None	Integrity	None
Attack Requirements	Present	Availability	High	Availability	Low
Privileges Required	Low
User Interaction	None

CVSS 4.0

Product Status

Vendor	FirebirdSQL
Product	firebird
Versions	Version >= 3.0.0, < 3.0.14 is affected Version >= 4.0.0, < 4.0.7 is affected Version >= 5.0.0, < 5.0.4 is affected

References

Problem Types

CWE-190: Integer Overflow or Wraparound CWE
CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') CWE