Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an op_slice network packe…

A null pointer dereference vulnerability exists in Firebird open-source relational database management system. The vulnerability affects versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14. When processing an op_slice network packet, the server passes an unprepared structure containing a null pointer to the SDL_info() function, causing a server crash. An unauthenticated attacker can exploit this by sending a crafted packet to the server port. The issue has been patched in the latest versions across all affected branches.