{"id":"UBUNTU-CVE-2025-24975","details":"Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. Connections stored in ExtConnPool are not verified for the presence and suitability of the CryptCallback interface used when they were created versus what is available, which could result in a segfault in the server process. Encrypted databases, accessed by execute statement on external, may be accessed later by an attachment missing a key to that database. When execute statements are chained, a segfault may happen. Additionally, the segfault may affect unencrypted databases. This issue has been patched in snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609 and point releases 4.0.6 and 5.0.2. A workaround for this issue involves setting ExtConnPoolSize equal to 0 in firebird.conf.","modified":"2026-01-20T18:16:46.840045Z","published":"2025-08-15T15:15:00Z","upstream":["CVE-2025-24975"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-24975"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2025-24975"},{"type":"REPORT","url":"https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-fx9r-rj68-7p69"},{"type":"REPORT","url":"https://github.com/FirebirdSQL/firebird/issues/8429"},{"type":"REPORT","url":"https://github.com/FirebirdSQL/firebird/commit/658abd20449f72097fbbce57e8e6ae42ff837fb6"}],"affected":[{"package":{"name":"firebird3.0","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/firebird3.0@3.0.2.32703.ds4-11ubuntu2?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.0.2.32703.ds4-9","3.0.2.32703.ds4-11ubuntu1","3.0.2.32703.ds4-11ubuntu2"],"ecosystem_specific":{"binaries":[{"binary_version":"3.0.2.32703.ds4-11ubuntu2","binary_name":"firebird-dev"},{"binary_version":"3.0.2.32703.ds4-11ubuntu2","binary_name":"firebird3.0-common"},{"binary_version":"3.0.2.32703.ds4-1
1ubuntu2","binary_name":"firebird3.0-examples"},{"binary_version":"3.0.2.32703.ds4-11ubuntu2","binary_name":"firebird3.0-server"},{"binary_version":"3.0.2.32703.ds4-11ubuntu2","binary_name":"firebird3.0-server-core"},{"binary_version":"3.0.2.32703.ds4-11ubuntu2","binary_name":"firebird3.0-utils"},{"binary_version":"3.0.2.32703.ds4-11ubuntu2","binary_name":"libfbclient2"},{"binary_version":"3.0.2.32703.ds4-11ubuntu2","binary_name":"libib-util"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-24975.json"}},{"package":{"name":"firebird3.0","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/firebird3.0@3.0.5.33220.ds4-1build2?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.0.5.33100.ds4-3","3.0.5.33189.ds4-1","3.0.5.33209.ds4-1","3.0.5.33220.ds4-1","3.0.5.33220.ds4-1build1","3.0.5.33220.ds4-1build2"],"ecosystem_specific":{"binaries":[{"binary_version":"3.0.5.33220.ds4-1build2","binary_name":"firebird-dev"},{"binary_version":"3.0.5.33220.ds4-1build2","binary_name":"firebird3.0-common"},{"binary_version":"3.0.5.33220.ds4-1build2","binary_name":"firebird3.0-examples"},{"binary_version":"3.0.5.33220.ds4-1build2","binary_name":"firebird3.0-server"},{"binary_version":"3.0.5.33220.ds4-1build2","binary_name":"firebird3.0-server-core"},{"binary_version":"3.0.5.33220.ds4-1build2","binary_name":"firebird3.0-utils"},{"binary_version":"3.0.5.33220.ds4-1build2","binary_name":"libfbclient2"},{"binary_version":"3.0.5.33220.ds4-1build2","binary_name":"libib-util"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-24975.json"}},{"package":{"name":"firebird3.0","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/firebird3.0@3.0.8.33535.ds4-1ubuntu2?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.0.7.33374.ds4-2","3.0.8.33535
.ds4-1ubuntu1","3.0.8.33535.ds4-1ubuntu2"],"ecosystem_specific":{"binaries":[{"binary_version":"3.0.8.33535.ds4-1ubuntu2","binary_name":"firebird-dev"},{"binary_version":"3.0.8.33535.ds4-1ubuntu2","binary_name":"firebird3.0-common"},{"binary_version":"3.0.8.33535.ds4-1ubuntu2","binary_name":"firebird3.0-examples"},{"binary_version":"3.0.8.33535.ds4-1ubuntu2","binary_name":"firebird3.0-server"},{"binary_version":"3.0.8.33535.ds4-1ubuntu2","binary_name":"firebird3.0-server-core"},{"binary_version":"3.0.8.33535.ds4-1ubuntu2","binary_name":"firebird3.0-utils"},{"binary_version":"3.0.8.33535.ds4-1ubuntu2","binary_name":"libfbclient2"},{"binary_version":"3.0.8.33535.ds4-1ubuntu2","binary_name":"libib-util"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-24975.json"}},{"package":{"name":"firebird3.0","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/firebird3.0@3.0.11.33703.ds4-2ubuntu2?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.0.11.33637.ds4-2ubuntu1","3.0.11.33637.ds4-2ubuntu2","3.0.11.33703.ds4-2ubuntu1","3.0.11.33703.ds4-2ubuntu2"],"ecosystem_specific":{"binaries":[{"binary_version":"3.0.11.33703.ds4-2ubuntu2","binary_name":"firebird-dev"},{"binary_version":"3.0.11.33703.ds4-2ubuntu2","binary_name":"firebird3.0-common"},{"binary_version":"3.0.11.33703.ds4-2ubuntu2","binary_name":"firebird3.0-examples"},{"binary_version":"3.0.11.33703.ds4-2ubuntu2","binary_name":"firebird3.0-server"},{"binary_version":"3.0.11.33703.ds4-2ubuntu2","binary_name":"firebird3.0-server-core"},{"binary_version":"3.0.11.33703.ds4-2ubuntu2","binary_name":"firebird3.0-utils"},{"binary_version":"3.0.11.33703.ds4-2ubuntu2","binary_name":"libfbclient2"},{"binary_version":"3.0.11.33703.ds4-2ubuntu2","binary_name":"libib-util"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-24975.json
"}},{"package":{"name":"firebird3.0","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/firebird3.0@3.0.12.ds7-12?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.0.12.ds7-12"],"ecosystem_specific":{"binaries":[{"binary_version":"3.0.12.ds7-12","binary_name":"firebird3.0-common"},{"binary_version":"3.0.12.ds7-12","binary_name":"firebird3.0-examples"},{"binary_version":"3.0.12.ds7-12","binary_name":"firebird3.0-server"},{"binary_version":"3.0.12.ds7-12","binary_name":"firebird3.0-server-core"},{"binary_version":"3.0.12.ds7-12","binary_name":"firebird3.0-utils"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-24975.json"}},{"package":{"name":"firebird4.0","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/firebird4.0@4.0.6.3221.ds6-2?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["4.0.5.3140.ds6-16","4.0.5.3140.ds6-17","4.0.6.3221.ds6-2"],"ecosystem_specific":{"binaries":[{"binary_version":"4.0.6.3221.ds6-2","binary_name":"firebird-dev"},{"binary_version":"4.0.6.3221.ds6-2","binary_name":"firebird-utils"},{"binary_version":"4.0.6.3221.ds6-2","binary_name":"firebird4.0-common"},{"binary_version":"4.0.6.3221.ds6-2","binary_name":"firebird4.0-examples"},{"binary_version":"4.0.6.3221.ds6-2","binary_name":"firebird4.0-server"},{"binary_version":"4.0.6.3221.ds6-2","binary_name":"firebird4.0-server-core"},{"binary_version":"4.0.6.3221.ds6-2","binary_name":"firebird4.0-utils"},{"binary_version":"4.0.6.3221.ds6-2","binary_name":"libfbclient2"},{"binary_version":"4.0.6.3221.ds6-2","binary_name":"libib-util"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-24975.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/A
V:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}