EUVD-2026-23462
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
3DescriptionNVD
Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an op_slice network packet, the server passes an unprepared structure containing a null pointer to the SDL_info() function, resulting in a null pointer dereference and server crash. An unauthenticated attacker can trigger this by sending a crafted packet to the server port. This issue has been fixed in versions 6.0.0, 5.0.4, 4.0.7 and 3.0.14.
AnalysisAI
Remote unauthenticated denial of service in Firebird SQL database server versions prior to 6.0.0/5.0.4/4.0.7/3.0.14 allows attackers to crash the database by sending a malformed op_slice network packet that triggers a null pointer dereference in the SDL_info() function. Attack requires only network access to the database port with no authentication (CVSS AV:N/AC:L/PR:N). …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Identify all Firebird SQL instances in production and document current versions. Within 7 days: Upgrade to patched versions (3.0.14, 4.0.7, 5.0.4, or 6.0.0 depending on branch) or implement network segmentation to restrict database port access. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today