CNNVD-202508-1855 Information

CNNVD ID

CNNVD-202508-1855

CVE-2025-24975

  • CNNVD Published: 2025-08-15

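Description (translated from Chinese)

Firebird is an open-source, cross-platform relational database management system from the Firebird Foundation that provides many ANSI SQL-92 features. Firebird versions before 4.0.6.3183, 5.0.2.1610 and 6.0.0.609 contain a code issue vulnerability: insufficient validation of ExtConnPool connections may lead to a segmentation violation.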

Description (English)

Firebird is the Firebird Foundation's open-source, cross-platform relational database management system, which provides multiple ANSI SQL-92 features. Firebird versions prior to 4.0.6.3183, 5.0.2.1610 and 6.0.0.609 have a code issue vulnerability, which stems from insufficient validation of ExtConnPool connections and may result in a segmentation violation.

Hazard Level

Medium

Vulnerability Type

Code issue

Affected Vendor

Firebird

Published

2025-08-15

Last Modified

2026-02-24

References

  • https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-fx9r-rj68-7p69
  • https://github.com/FirebirdSQL/firebird/commit/658abd20449f72097fbbce57e8e6ae42ff837fb6
  • https://github.com/FirebirdSQL/firebird/issues/8429
  • https://www.vicarius.io/vsociety/posts/cve-2025-24975-mitigate-firebird-vulnerability
  • https://www.vicarius.io/vsociety/posts/cve-2025-24975-detect-vulnerable-firebird
  • https://vigilance.fr/vulnerability/Firebird-denial-of-service-via-ExtConnPoolSize-48096
  • https://nvd.nist.gov/vuln/detail/CVE-2025-24975

Patch

https://github.com/FirebirdSQL/firebird/releases
