The Firebird Project has discovered critical security issues in older versions of all supported releases. If your version (including build number) is equal to or lower than 3.0.13.33809, 4.0.6.3203, or 5.0.3.1651, you need to upgrade to the latest Firebird releases (3.0.13.33818, 4.0.6.3221, 5.0.3.1683, available at www.firebirdsql.org). To emphasize: if you have versions like 3.0.10, 4.0.4, 2.5.8, or 5.0.2, you are in the danger zone.
A zero-day vulnerability was found in all versions of Firebird with version numbers less than 3.0.13.33809, 4.0.6.3203, and 5.0.3.1651 (this means that current releases on www.firebirdsql.org have this issue fixed).
A malicious user can cause a DoS attack on a Firebird server by sending a specific sequence of bytes; no login or password for the server is needed. Because it is sufficient to send a set of bytes to the Firebird port to trigger the problem, we recommend upgrading as soon as possible.
Special note for users of vanilla 2.5: version 2.5 also suffers from this problem, but since it has not been supported by the Firebird Project since 2019, there will be no fix for vanilla Firebird 2.5, so you need to upgrade as soon as possible.
1. Check your Firebird version: run one of the command-line tools from your installation with the -z option, for example gstat.exe -z, and note the full version including the build number. On Windows you can also right-click firebird.exe and open the "Details" tab.
2. If you are running the latest released version, i.e., equal to or higher than 3.0.13.33818, 4.0.6.3221, or 5.0.3.1683, you are safe. If it is lower, you are at risk, so plan an upgrade to the latest Firebird release as soon as possible.
3. If you are running an unpatched old version, make sure that port 3050 (the default Firebird port) is reachable only from trusted client connections. Plan the upgrade as soon as possible.
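The version check in steps 1 and 2, as an added example that is not part of the advisory or the Firebird Project's own tooling: it parses the output of `gstat -z` and compares the build against the fixed releases listed above. It assumes `gstat -z` prints a version token of the form `V<major>.<minor>.<patch>.<build>` (e.g. `WI-V3.0.13.33818`); the sample line in the block is constructed.

```python
import re
import subprocess

# Fixed builds named in the advisory, keyed by major version.
FIXED_BUILDS = {
    3: (3, 0, 13, 33818),
    4: (4, 0, 6, 3221),
    5: (5, 0, 3, 1683),
}

# Assumption: the tool output contains a token like "WI-V3.0.13.33818";
# only the four dotted numbers after "V" are used.
VERSION_RE = re.compile(r"\bV(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(tool_output):
    """Return (major, minor, patch, build) from `gstat -z` output, or None."""
    match = VERSION_RE.search(tool_output)
    if not match:
        return None
    return tuple(int(part) for part in match.groups())


def assess(version):
    """Classify a parsed version as patched, vulnerable, unsupported or unknown."""
    if version is None:
        return "unknown"
    major = version[0]
    if major < 3:
        # 2.5 and older are affected and will not receive a fix: upgrade.
        return "unsupported"
    fixed = FIXED_BUILDS.get(major)
    if fixed is None:
        # A major version the advisory does not cover; check www.firebirdsql.org.
        return "unknown"
    return "patched" if version >= fixed else "vulnerable"


def check_installed(gstat_path="gstat"):
    """Run the installed `gstat -z` (must be on PATH) and classify the result."""
    result = subprocess.run([gstat_path, "-z"], capture_output=True, text=True)
    return assess(parse_version(result.stdout + result.stderr))


if __name__ == "__main__":
    sample = "gstat version WI-V3.0.13.33809 Firebird 3.0"  # constructed sample
    print("sample:", assess(parse_version(sample)))
    try:
        print("installed:", check_installed())
    except FileNotFoundError:
        print("installed: gstat not found on PATH")
```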
Do you need help? Contact [email protected] with any questions.