NIXPKGS-2026-1188
published 2 months, 1 week ago
CVE-2025-65104
7.9 HIGH
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Local (L)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): Low (L)
- User Interaction (UI): None (N)
- Scope (S): Changed (C)
- Confidentiality (C): Low (L)
- Integrity (I): High (H)
- Availability (A): Low (L)
- Modified Attack Vector (MAV): Local (L)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): Low (L)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): Low (L)
- Modified Scope (MS): Changed (C)
- Modified Integrity (MI): High (H)
- Modified Availability (MA): Low (L)
by @LeSuisse
Activity log
- Created suggestion
- @LeSuisse ignored 3 packages
  - firebird-emu
  - firebird
  - firebird_4
- @LeSuisse accepted
- @LeSuisse published on GitHub
Firebird: Information leak vulnerability in firebird3 client when used with newer server
Firebird is an open-source relational database management system. FB3 versions of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by upgrading to the FB4 client or higher.
References
- https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-mfpr-9886-xjhg (x_refsource_CONFIRM)
Ignored references (1)
- https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.0 (x_refsource_MISC)
Affected products
firebird
- ==< 4.0.0
Matching in nixpkgs
pkgs.firebird_3
SQL relational database management system
Ignored packages (3)
pkgs.firebird
SQL relational database management system
pkgs.firebird_4
SQL relational database management system
pkgs.firebird-emu
Third-party multi-platform emulator of the ARM-based TI-Nspire™ calculators
Package maintainers
- @bbenno Benno Bielmeier <nix@bbenno.com>