Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
7DescriptionGitHub Advisory
Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an op_slice network packet, the server passes an unprepared structure containing a null pointer to the SDL_info() function, resulting in a null pointer dereference and server crash. An unauthenticated attacker can trigger this by sending a crafted packet to the server port. This issue has been fixed in versions 6.0.0, 5.0.4, 4.0.7 and 3.0.14.
AnalysisAI
Remote unauthenticated denial of service in Firebird SQL database server versions prior to 6.0.0/5.0.4/4.0.7/3.0.14 allows attackers to crash the database by sending a malformed op_slice network packet that triggers a null pointer dereference in the SDL_info() function. Attack requires only network access to the database port with no authentication (CVSS AV:N/AC:L/PR:N). No public exploit code identified at time of analysis, and EPSS data not available for this recent CVE. Fixed versions released by vendor across all maintained branches.
Technical ContextAI
Firebird is an open-source SQL relational database management system descended from Borland InterBase, commonly deployed on default port 3050/TCP. The vulnerability resides in the server's network packet processing logic, specifically when handling op_slice packets used for array slice operations in the wire protocol. The SDL_info() function expects a properly initialized structure containing metadata about array descriptors, but the packet handler passes an unprepared structure with a null pointer, triggering CWE-476 (NULL Pointer Dereference). This is a classic memory safety issue where input validation fails to ensure required structure initialization before use. The affected CPE spans all Firebird versions across the 3.x, 4.x, and 5.x branches prior to the March 2025 coordinated patch releases, indicating the flaw existed in the codebase for multiple major version lineages.
RemediationAI
Upgrade to patched Firebird versions immediately: 3.0.14 (https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14), 4.0.7 (https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7), 5.0.4 (https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4), or 6.0.0 or later. All releases are available from the official GitHub repository. If immediate patching is not feasible, implement network-level access controls to restrict Firebird port (default 3050/TCP) access to trusted IP ranges only via firewall rules or VPN. This significantly raises attacker cost but does not eliminate risk from internal or authenticated network positions. For embedded deployments not exposed to network attack surfaces, risk is substantially lower but patching remains recommended for defense-in-depth. Note that access restrictions may impact legitimate remote database clients and require application architecture review. No server-side configuration workaround exists to disable op_slice packet handling without breaking array functionality.
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Null Pointer Dereference
View allVendor StatusVendor
SUSE
Severity: High| Product | Status |
|---|---|
| SUSE Linux Enterprise Module for Package Hub 15 SP7 | Fixed |
| openSUSE Leap 15.6 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP5 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP6 | Fixed |
| openSUSE Leap 15.3 | Fixed |
| openSUSE Leap 15.4 | Fixed |
| openSUSE Leap 15.5 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-23462