Nixpkgs security tracker

Details of issue NIXPKGS-2026-1188

NIXPKGS-2026-1188
published on
CVE-2025-65104
7.9 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): HIGH
  • Availability impact (A): LOW
updated 4 hours ago by @LeSuisse

Activity log
  • Created automatic suggestion
  • @LeSuisse ignored
    3 packages
    • firebird-emu
    • firebird
    • firebird_4
  • @LeSuisse ignored reference https://g…
  • @LeSuisse accepted
  • @LeSuisse published on GitHub
Firebird: Information leak vulnerability in firebird3 client when used with newer server

Firebird is an open-source relational database management system. In FB3 versions, the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by upgrading to the FB4 client or higher.

Affected products

firebird
  • ==< 4.0.0

Matching in nixpkgs

Ignored packages (3)

pkgs.firebird

SQL relational database management system

pkgs.firebird-emu

Third-party multi-platform emulator of the ARM-based TI-Nspire™ calculators

  • nixos-unstable 1.6
    • nixpkgs-unstable 1.6
    • nixos-unstable-small 1.6
  • nixos-25.11 1.6
    • nixos-25.11-small 1.6
    • nixpkgs-25.11-darwin 1.6

Package maintainers