CVE-2025-54989

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-54989
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54989.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-54989
Aliases
  • GHSA-7qp6-hqxj-pjjp
Downstream
Related
Published
2025-08-15T15:15:32Z
Modified
2025-08-25T15:58:30.036123Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

Firebird is a relational database. Prior to versions 3.0.13, 4.0.6, and 5.0.3, Firebird has a NULL pointer dereference denial-of-service vulnerability in XDR message parsing. The flaw is in the parsing of XDR messages from the client; it leads to a NULL pointer dereference and DoS. This issue has been patched in versions 3.0.13, 4.0.6, and 5.0.3.

References

Affected packages

Debian:11 / firebird3.0

Package

Name
firebird3.0
Purl
pkg:deb/debian/firebird3.0?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
3.0.7.33374.ds4-2+deb11u1

Affected versions

3.*

3.0.7.33374.ds4-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / firebird3.0

Package

Name
firebird3.0
Purl
pkg:deb/debian/firebird3.0?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.0.11.33637.ds4-2
3.0.11.33637.ds4-2+m68k
3.0.11.33637.ds4-2+m68k.1
3.0.11.33703.ds4-1
3.0.11.33703.ds4-2
3.0.11.33703.ds4-3
3.0.11.33703.ds4-3+exp.0
3.0.11.33703.ds4-3+exp.1
3.0.11.33703.ds4-3+m68k
3.0.11.33703.ds4-4
3.0.11.33703.ds4-4+exp.0
3.0.11.33703.ds4-4+m68k
3.0.12.ds5-1
3.0.12.ds5-2
3.0.12.ds7-1
3.0.12.ds7-2
3.0.12.ds7-3
3.0.12.ds7-3+exp.0
3.0.12.ds7-5
3.0.12.ds7-5+exp1
3.0.12.ds7-6
3.0.12.ds7-7
3.0.12.ds7-7+exp1
3.0.12.ds7-8
3.0.12.ds7-9
3.0.12.ds7-10
3.0.12.ds7-11
3.0.12.ds7-12
3.0.12.ds7-13
3.0.12.ds7-13+m68k
3.0.12.ds7-13+m68k.1
3.0.13.ds7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / firebird3.0

Package

Name
firebird3.0
Purl
pkg:deb/debian/firebird3.0?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.0.12.ds7-13
3.0.12.ds7-13+m68k
3.0.12.ds7-13+m68k.1
3.0.13.ds7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / firebird3.0

Package

Name
firebird3.0
Purl
pkg:deb/debian/firebird3.0?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
3.0.13.ds7-1

Affected versions

3.*

3.0.12.ds7-13
3.0.12.ds7-13+m68k
3.0.12.ds7-13+m68k.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / firebird4.0

Package

Name
firebird4.0
Purl
pkg:deb/debian/firebird4.0?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.0.5.3140.ds6-17
4.0.5.3140.ds6-17+m68k
4.0.6.3221.ds6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / firebird4.0

Package

Name
firebird4.0
Purl
pkg:deb/debian/firebird4.0?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
4.0.6.3221.ds6-1

Affected versions

4.*

4.0.5.3140.ds6-17
4.0.5.3140.ds6-17+m68k

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/firebirdsql/firebird

Affected ranges

Type
GIT
Repo
https://github.com/firebirdsql/firebird
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other

T4_0_0_Alpha1
T4_0_0_Beta1
T4_0_0_Beta2
T4_0_0_RC1

v5.*

v5.0.0-Beta1