Nixpkgs security tracker

Login with GitHub

Details of issue NIXPKGS-2026-1164

NIXPKGS-2026-1164

GitHub issue published on

Permalink CVE-2026-28224

8.2 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): LOW
Availability impact (A): HIGH

updated 6 hours ago by @LeSuisse Activity log

Created automatic suggestion 1 day, 19 hours ago
@LeSuisse ignored package firebird-emu 6 hours ago
@LeSuisse ignored
3 references
6 hours ago
@LeSuisse accepted 6 hours ago
@LeSuisse published on GitHub 6 hours ago

Firebird Null Pointer Dereference via CryptCallback causes DOS

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an op_crypt_key_callback packet without prior authentication, the port_server_crypt_callback handler is not initialized, resulting in a null pointer dereference and server crash. An unauthenticated attacker who knows only the server's IP and port can exploit this to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.

References

https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-xrcw-wpjx-pr95 x_refsource_CONFIRM
https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-xrcw-wpjx-pr95 exploit

Ignored references (3)

https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4 x_refsource_MISC
https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7 x_refsource_MISC
https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14 x_refsource_MISC

Affected products

firebird

==>= 5.0.0, < 5.0.4
==>= 3.0.0, < 3.0.14
==>= 4.0.0, < 4.0.7

Matching in nixpkgs

pkgs.firebird

SQL relational database management system

nixos-unstable 4.0.6
- nixpkgs-unstable 4.0.6
- nixos-unstable-small 4.0.6
nixos-25.11 4.0.6
- nixos-25.11-small 4.0.6
- nixpkgs-25.11-darwin 4.0.6

pkgs.firebird_3

SQL relational database management system

nixos-unstable 3.0.13
- nixpkgs-unstable 3.0.13
- nixos-unstable-small 3.0.13
nixos-25.11 3.0.13
- nixos-25.11-small 3.0.13
- nixpkgs-25.11-darwin 3.0.13

pkgs.firebird_4

SQL relational database management system

nixos-unstable 4.0.6
- nixpkgs-unstable 4.0.6
- nixos-unstable-small 4.0.6
nixos-25.11 4.0.6
- nixos-25.11-small 4.0.6
- nixpkgs-25.11-darwin 4.0.6

Ignored packages (1)

pkgs.firebird-emu

Third-party multi-platform emulator of the ARM-based TI-Nspire™ calculators

nixos-unstable 1.6
- nixpkgs-unstable 1.6
- nixos-unstable-small 1.6
nixos-25.11 1.6
- nixos-25.11-small 1.6
- nixpkgs-25.11-darwin 1.6

Package maintainers

@MarcWeber Marc Weber <marco-oweber@gmx.de>
@bbenno Benno Bielmeier <nix@bbenno.com>