


Perceptive Security
SOC/SIEM Consultancy

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdl_desc() function does not validate the le…
Published:
16 April 2026 at 22:00:00
Alert date:
17 April 2026 at 21:03:48
Source:
nvd.nist.gov
Database & Storage
A denial of service vulnerability exists in Firebird open-source database management system versions prior to 5.0.4, 4.0.7 and 3.0.14. The sdl_desc() function fails to validate the length of decoded SDL descriptors from slice packets. When a zero-length descriptor is processed, it causes a division by zero error during slice item calculation. Unauthenticated attackers can exploit this flaw by sending specially crafted slice packets to crash the database server. The vulnerability has been patched in the latest versions across all affected branches.
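A triage helper for the fixed versions named above, added here as an example and not taken from the Firebird project or the advisory. It classifies version strings from an asset inventory against the per-branch fixes (5.0.4, 4.0.7, 3.0.14). The host names, the sample inventory and the banner layout (`LI-V4.0.6.3221 Firebird 4.0`) are assumptions constructed for illustration.

```python
import re

# Fixed release per branch, as stated in the advisory text above.
FIXED = {(3, 0): (3, 0, 14), (4, 0): (4, 0, 7), (5, 0): (5, 0, 4)}

# Accepts a plain "5.0.3" or a banner such as "LI-V4.0.6.3221 Firebird 4.0".
# The banner layout is an assumption; the trailing build number is ignored.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?:\.\d+)?")

def parse_version(text):
    """Return (major, minor, patch) or None if no three-part version is found."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def classify(text):
    """Classify one version string against the advisory's fixed versions."""
    version = parse_version(text)
    if version is None:
        return "unparsed"
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # The advisory only names the 3.0, 4.0 and 5.0 branches; do not guess.
        return "branch-not-listed"
    return "patched" if version >= fixed else "vulnerable"

def triage(inventory):
    """Return (host, banner, status) rows, most urgent first."""
    order = {"vulnerable": 0, "unparsed": 1, "branch-not-listed": 2, "patched": 3}
    rows = [(host, banner, classify(banner)) for host, banner in inventory.items()]
    return sorted(rows, key=lambda r: (order[r[2]], r[0]))

# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE_INVENTORY = {
    "db-01": "LI-V4.0.6.3221 Firebird 4.0",
    "db-02": "WI-V3.0.14.33800 Firebird 3.0",
    "db-03": "5.0.3",
    "db-04": "2.5.9",
    "db-05": "Firebird 4.0",
}

if __name__ == "__main__":
    for host, banner, status in triage(SAMPLE_INVENTORY):
        print(f"{status:18} {host}  {banner}")
```

Hosts reported as `unparsed` or `branch-not-listed` need a manual check, since the advisory text gives no status for them.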
Affected products:
Firebird
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-35215
https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14
https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7
https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4
https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-g99w-prq5-29c6
This article was created with the assistance of AI technology by Perceptive.
