Description
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdl_desc() function does not validate the length of a decoded SDL descriptor from a slice packet. A zero-length descriptor is later used to calculate the number of slice items, causing a division by zero. An unauthenticated attacker can exploit this by sending a crafted slice packet to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
Published: 2026-04-17
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via Division by Zero
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is a lack of validation for the length of a decoded SDL descriptor received in a slice packet. A zero‑length descriptor is later used to compute the number of slice items, triggering a division by zero that crashes the Firebird server and results in a denial of service. The weakness is a classic divide‑by‑zero error (CWE‑369), allowing an attacker to interrupt service without compromising confidentiality or integrity.

Affected Systems

FirebirdSQL Firebird is affected in all releases prior to 5.0.4, 4.0.7 and 3.0.14. The problem is present in the sdl_desc() function used by the database engine and is only mitigated by the corresponding vendor releases.

Risk and Exploitability

The CVSS score of 7.5 indicates a moderate to high severity. The EPSS score is not available, and the vulnerability is not listed in CISA KEV, so there is no publicly known exploit at this time. Nevertheless, the attack is straightforward: an unauthenticated client can send a malicious slice packet over the network to any accessible Firebird instance, causing an immediate service crash. Attackers would benefit from unrestricted network reach to the database port, and no special privileges are required.

Generated by OpenCVE AI on April 18, 2026 at 17:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to Firebird 5.0.4 or newer (or the corresponding 4.0.7/3.0.14 releases) and restart the database engine.
  • Limit database access to trusted hosts or use firewall rules to block unauthenticated connections to the Firebird port.
  • Configure system logging and monitoring to detect unexpected server crashes, and deploy a hotfix or patch as soon as one is released.

Generated by OpenCVE AI on April 18, 2026 at 17:10 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Firebirdsql
Firebirdsql firebird
Vendors & Products Firebirdsql
Firebirdsql firebird

Fri, 17 Apr 2026 19:30:00 +0000

Type Values Removed Values Added
Description Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdl_desc() function does not validate the length of a decoded SDL descriptor from a slice packet. A zero-length descriptor is later used to calculate the number of slice items, causing a division by zero. An unauthenticated attacker can exploit this by sending a crafted slice packet to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
Title Firebird: DoS via malicious slice descriptor in slice packet
Weaknesses CWE-369
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Firebirdsql Firebird
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-17T18:59:23.663Z

Reserved: 2026-04-01T18:48:58.937Z

Link: CVE-2026-35215

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-04-17T20:16:35.240

Modified: 2026-04-17T20:16:35.240

Link: CVE-2026-35215

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T17:15:05Z

Weaknesses