Firebird XDR Message Parsing NULL Pointer Dereference Denial-of-Service Vulnerability

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Description

Firebird is a relational database. Prior to versions 3.0.13, 4.0.6, and 5.0.3, there is an XDR message parsing NULL pointer dereference denial-of-service vulnerability in Firebird. This specific flaw exists within the parsing of xdr message from client. It leads to NULL pointer dereference and DoS. This issue has been patched in versions 3.0.13, 4.0.6, and 5.0.3.

Basic Information

ID CVE-2025-54989

Source GitHub_M

Published Aug 15, 2025 at 15:04

Affected Product

Vendor FirebirdSQL

Product firebird

Version < 3.0.13

Affected Versions FirebirdSQL firebird < 3.0.13
FirebirdSQL firebird < 4.0.6
FirebirdSQL firebird < 5.0.3

CWE Classification

CWE-476

References

{
    "lastseen": "",
    "description": "Firebird is a relational database. Prior to versions 3.0.13, 4.0.6, and 5.0.3, there is an XDR message parsing NULL pointer dereference denial-of-service vulnerability in Firebird. This specific flaw exists within the parsing of xdr message from client. It leads to NULL pointer dereference and DoS. This issue has been patched in versions 3.0.13, 4.0.6, and 5.0.3.",
    "published": "2025-08-15T15:04:19.097Z",
    "modified": "2025-08-15T15:04:19.097Z",
    "type": "cve",
    "title": "Firebird XDR Message Parsing NULL Pointer Dereference Denial-of-Service Vulnerability",
    "source": "GitHub_M",
    "references": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7qp6-hqxj-pjjp\nhttps://github.com/FirebirdSQL/firebird/issues/8554\nhttps://github.com/FirebirdSQL/firebird/commit/169da595f8693fc1a65a79c741724b1bc8db9f25",
    "id": "CVE-2025-54989",
    "bulletinFamily": "",
    "cwe": [
        "CWE-476"
    ],
    "cvelist": null,
    "sourceData": "FirebirdSQL firebird < 3.0.13\nFirebirdSQL firebird < 4.0.6\nFirebirdSQL firebird < 5.0.3",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "firebird",
    "version": "< 3.0.13",
    "vendor": "FirebirdSQL",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Firebird XDR Message Parsing NULL Pointer Dereference Denial-of-Service Vulnerability_CVE-2025-54989