CNNVD-202508-1858 Information

CNNVD ID

CNNVD-202508-1858

CVE-2025-54989

  • CNNVD Published: 2025-08-15

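Description (translated from Chinese)

Firebird is an open-source, cross-platform relational database management system from the Firebird Foundation that provides many ANSI SQL-92 features. Firebird versions before 3.0.13, before 4.0.6 and before 5.0.3 contain a code-issue vulnerability. It stems from a NULL pointer dereference in XDR message parsing and may lead to a denial-of-service attack.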

Description (English)

Firebird is the Firebird Foundation's open-source, cross-platform relational database management system, which provides multiple ANSI SQL-92 features. Firebird versions prior to 3.0.13, prior to 4.0.6 and prior to 5.0.3 contain a code-issue vulnerability, which stems from a NULL pointer dereference in XDR message parsing that could lead to a denial-of-service attack.

Hazard Level

High

Vulnerability Type

Code issue

Published

2025-08-15

Last Modified

2026-02-24

References

  • https://github.com/FirebirdSQL/firebird/issues/8554
  • https://github.com/FirebirdSQL/firebird/commit/169da595f8693fc1a65a79c741724b1bc8db9f25
  • https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7qp6-hqxj-pjjp
  • https://vigilance.fr/vulnerability/Firebird-NULL-pointer-dereference-via-XDR-Message-48056
  • https://nvd.nist.gov/vuln/detail/CVE-2025-54989

Patch

https://github.com/FirebirdSQL/firebird/releases
