=====================================================================

                            CERT-Renater

                Information Note No. 2025/VULN563
_____________________________________________________________________

DATE                : 01/09/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Firebird versions prior to
                        6.0.0.609, 5.0.3, 4.0.6, 3.0.13.

=====================================================================
https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-fx9r-rj68-7p69
https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7qp6-hqxj-pjjp
_____________________________________________________________________

Non-authorized (without secret key) access to encrypted database
using execute statement on external.

High
AlexPeshkoff published GHSA-fx9r-rj68-7p69 Aug 15, 2025

Package
All Firebird versions starting with 4.0.0.

Affected versions
<= 4.0.7, <= 5.0.3

Patched versions
Equal to or greater than: 6.0.0.609, 5.0.2.1610, 4.0.6.3183


Description

Impact

Connections stored in ExtConnPool are not checked for the presence
and suitability of the CryptCallback interface that was used when
they were created versus the one actually available now. An
additional problem is that use of an inappropriate CryptCallback
interface may cause a segfault in the server process.

To be impacted by this vulnerability, one must use ExtConnPool
(i.e. set the ExtConnPoolSize parameter in firebird.conf to a
non-zero value). An encrypted database accessed by execute statement
on external may later be accessed by an attachment that lacks the
key to that database. When execute statements are chained, a
segfault may happen. Worse, the segfault may occur even for
unencrypted databases.


Patches

Currently one can use the following or later snapshots:

    6.0.0.609
    5.0.2.1610
    4.0.6.3183

or point releases:

    5.0.2
    4.0.6

The fix for #8429 present in them also fixes this GHSA.


Workarounds

Set

    ExtConnPoolSize=0

in firebird.conf. This is the default value, i.e. if you never tuned
it you are not impacted.
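
A way to check a server for the exposure condition described above,
as an added example that is not part of the Firebird advisory: it
reports every active non-zero ExtConnPoolSize line in a firebird.conf.
The function name, the sample files and the case-insensitive key match
are assumptions of this example.

```shell
#!/bin/sh
# Added example (hypothetical helper, not Firebird project code).
# Exit status: 0 = pool enabled (exposure condition met),
#              1 = pool off (explicit 0, or never set: 0 is the default),
#              2 = file not readable.
# Assumption: keys are matched case-insensitively and anything that is
# not a plain zero counts as "enabled", so odd values get reviewed.
# Only the file passed in is examined.
ext_conn_pool_enabled() {
    [ -r "$1" ] || return 2
    awk '
        { sub(/#.*/, "") }                      # strip comments
        match(tolower($0), /^[ \t]*extconnpoolsize[ \t]*=/) {
            v = substr($0, RLENGTH + 1)         # text after the "="
            gsub(/[ \t\r]/, "", v)
            if (v !~ /^0+$/) {
                printf "%s:%d: ExtConnPoolSize=%s\n", FILENAME, NR, v
                hit = 1
            }
        }
        END { exit (hit ? 0 : 1) }
    ' "$1"
}

# Constructed sample files, not taken from a real server.
tmp=$(mktemp -d)
printf '%s\n' '#ExtConnPoolSize = 0' 'ExtConnPoolLifeTime = 7200' \
    > "$tmp/default.conf"
printf '%s\n' '# tuned' '  extconnpoolsize=50   # pool on' \
    > "$tmp/tuned.conf"

for f in "$tmp"/*.conf; do
    if ext_conn_pool_enabled "$f"; then
        echo "$f: pool enabled, apply the workaround or upgrade"
    else
        echo "$f: pool disabled"
    fi
done
rm -rf "$tmp"
```

On a real host, pass the path of the server's own firebird.conf to
ext_conn_pool_enabled and act on exit status 0.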


Severity            : High (7.1 / 10)

CVSS v3 base metrics
Attack vector       : Network
Attack complexity   : High
Privileges required : Low
User interaction    : None
Scope               : Unchanged
Confidentiality     : High
Integrity           : High
Availability        : Low
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

CVE ID
CVE-2025-24975

Weaknesses
No CWEs

_____________________________________________________________________


ZDI-CAN-26486: XDR Message Parsing NULL Pointer Dereference
Denial-of-Service Vulnerability

Moderate
AlexPeshkoff published GHSA-7qp6-hqxj-pjjp Aug 15, 2025

Package
Any Firebird version before the fix

Affected versions
Any Firebird version before the fix

Patched versions
5.0.3 / 4.0.6 / 3.0.13


Description

Impact

The specific flaw exists within the parsing of an XDR message from
the client. It leads to a NULL pointer dereference and DoS.


Patches

Currently one can use the following or later point releases:

    5.0.3
    4.0.6
    3.0.13


Severity            : Moderate (5.3 / 10)

CVSS v3 base metrics
Attack vector       : Network
Attack complexity   : Low
Privileges required : None
User interaction    : None
Scope               : Unchanged
Confidentiality     : None
Integrity           : None
Availability        : Low
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVE ID
CVE-2025-54989

Weaknesses
No CWEs


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
