Source: firebird4.0
Version: 4.0.5.3140.ds6-17
Severity: important
Tags: security upstream
Forwarded: https://github.com/FirebirdSQL/firebird/issues/8554
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: clone -1 -2
Control: reassign -2 src:firebird3.0 3.0.12.ds7-13
Control: retitle -2 firebird3.0: CVE-2025-54989

Hi,

The following vulnerability was published for firebird*.

CVE-2025-54989[0]:
| Firebird is a relational database. Prior to versions 3.0.13, 4.0.6,
| and 5.0.3, there is an XDR message parsing NULL pointer dereference
| denial-of-service vulnerability in Firebird. This specific flaw
| exists within the parsing of xdr message from client. It leads to
| NULL pointer dereference and DoS. This issue has been patched in
| versions 3.0.13, 4.0.6, and 5.0.3.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-54989
    https://www.cve.org/CVERecord?id=CVE-2025-54989
[1] https://github.com/FirebirdSQL/firebird/issues/8554
[2] https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7qp6-hqxj-pjjp
[3] https://github.com/FirebirdSQL/firebird/commit/169da595f8693fc1a65a79c741724b1bc8db9f25

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

