Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
7DescriptionGitHub Advisory
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdl_desc() function does not validate the length of a decoded SDL descriptor from a slice packet. A zero-length descriptor is later used to calculate the number of slice items, causing a division by zero. An unauthenticated attacker can exploit this by sending a crafted slice packet to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
AnalysisAI
Firebird database server crashes via crafted slice packet exploiting zero-length SDL descriptor validation flaw. Remote unauthenticated attackers can trigger division-by-zero errors in the sdl_desc() function to cause denial of service against Firebird versions prior to 5.0.4, 4.0.7, and 3.0.14. CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) indicates trivial remote exploitation with no authentication required. EPSS data not available; no public exploit identified at time of analysis, though technical details in GitHub advisory may facilitate reproduction.
Technical ContextAI
Firebird is an open-source SQL relational database management system derived from Borland InterBase, widely used in embedded and enterprise applications. The vulnerability resides in the sdl_desc() function responsible for processing SDL (Slice Description Language) descriptors from slice packets - a Firebird-specific protocol mechanism for handling array data. CWE-369 (Divide By Zero) occurs when the function fails to validate that a decoded SDL descriptor has non-zero length before using it as a divisor to calculate slice item counts. When a zero-length descriptor is processed, the subsequent arithmetic operation triggers a division-by-zero exception that crashes the database server process. This is a classic input validation failure in network protocol parsing code affecting the core database engine across multiple major version branches (3.x, 4.x, 5.x).
RemediationAI
Immediately upgrade to vendor-released patched versions: Firebird 5.0.4 (https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4), 4.0.7 (https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7), or 3.0.14 (https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14) depending on your major version branch. No workarounds are documented in the security advisory. If immediate patching is not feasible, implement network-level compensating controls: restrict Firebird port 3050/TCP access to trusted IP ranges only using firewall rules (eliminates remote unauthenticated attack surface but breaks legitimate remote database access), deploy a database proxy or gateway with protocol inspection capabilities to filter malformed slice packets (requires specialized tooling and may impact performance), or temporarily disable network listener and run Firebird in local-only mode if application architecture permits (severe functionality limitation). All mitigations except patching carry operational trade-offs and should be considered temporary.
Same weakness CWE-369 – Divide By Zero
View allSame technique Denial Of Service
View allVendor StatusVendor
SUSE
Severity: High| Product | Status |
|---|---|
| SUSE Linux Enterprise Module for Package Hub 15 SP7 | Fixed |
| openSUSE Leap 15.6 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP5 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP6 | Fixed |
| openSUSE Leap 15.3 | Fixed |
| openSUSE Leap 15.4 | Fixed |
| openSUSE Leap 15.5 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-23490