


Perceptive Security
SOC/SIEM Consultancy

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdr_datum…
Published:
16 April 2026 at 22:00:00
Alert date:
17 April 2026 at 20:03:43
Source:
nvd.nist.gov
Database & Storage
A buffer overflow vulnerability exists in the Firebird open-source database management system in versions prior to 5.0.4, 4.0.7, and 3.0.14. The vulnerability occurs in the xdr_datum() function when deserializing slice packets: the cstring length is not validated against the slice descriptor bounds. This allows an unauthenticated attacker to send crafted packets that cause a buffer overflow, potentially leading to server crashes or other security impacts. The issue has been patched in the latest versions across all affected branches.
Technical details
Affected products:
Firebird Database Management System
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-33337
https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14
https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7
https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4
https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-89mq-229g-x47p
This article was created with the assistance of AI technology by Perceptive.
