CVE-2026-35215

EUVD-2026-23490
Severity: HIGH (7.5, CVSS 3.1)
2026-04-17 GitHub_M
CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Lifecycle Timeline

Re-analysis Queued: Apr 17, 2026 - 20:22 vuln.today
cvss_changed, patch_available: Apr 17, 2026 - 20:16 EUVD
Analysis Generated: Apr 17, 2026 - 20:06 vuln.today

Description (NVD)

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdl_desc() function does not validate the length of a decoded SDL descriptor from a slice packet. A zero-length descriptor is later used to calculate the number of slice items, causing a division by zero. An unauthenticated attacker can exploit this by sending a crafted slice packet to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.

Analysis (AI)

The Firebird database server can be crashed by a crafted slice packet that exploits missing length validation of a zero-length SDL descriptor. Remote unauthenticated attackers can trigger a division by zero through the descriptor handled by the sdl_desc() function, causing denial of service against Firebird versions prior to 5.0.4, 4.0.7, and 3.0.14. …

Remediation (AI)

Within 24 hours: Identify all Firebird instances in your environment and document their versions. Within 7 days: Upgrade affected Firebird deployments to version 5.0.4, 4.0.7, or 3.0.14 (or later) according to your deployment roadmap and test in non-production environments first. …
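For the inventory step above, one way to sort collected version strings against the fixed releases (an added example, not part of the advisory or of Firebird itself). The input format, the host names and the sample versions are constructed assumptions; branches the advisory does not name are flagged for manual review rather than guessed.

```python
import re

# Fixed patch level per release branch, taken from the advisory text above.
FIXED = {(5, 0): 4, (4, 0): 7, (3, 0): 14}

# Assumption: the version is reported either bare ("5.0.3") or embedded in a
# longer string with a trailing build number ("LI-V5.0.3.1683 Firebird 5.0").
# The first major.minor.patch triple is used.
_VERSION = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)")


def triage(version_string):
    """Classify one reported version as 'affected', 'fixed' or 'review'."""
    match = _VERSION.search(version_string)
    if not match:
        return "review"  # no patch level present, e.g. just "Firebird 5.0"
    major, minor, patch = (int(part) for part in match.groups())
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        return "review"  # branch not named in the advisory
    # Numeric comparison, so 4.0.10 is correctly newer than 4.0.7.
    return "affected" if patch < fixed_patch else "fixed"


def triage_inventory(inventory):
    """Group (host, version_string) pairs by triage result."""
    groups = {"affected": [], "fixed": [], "review": []}
    for host, version_string in inventory:
        groups[triage(version_string)].append(host)
    return {status: sorted(hosts) for status, hosts in groups.items()}


# Constructed sample inventory; hosts and build numbers are made up.
SAMPLE_INVENTORY = [
    ("db-01", "LI-V5.0.3.1683 Firebird 5.0"),
    ("db-02", "WI-V3.0.14.33900 Firebird 3.0"),
    ("db-03", "4.0.10"),
    ("db-04", "2.5.9"),
    ("db-05", "Firebird 5.0"),
]

if __name__ == "__main__":
    for status, hosts in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts that land in "review" need their exact version confirmed by hand before they are counted as patched.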
