Highdyemanov

**Name of the Vulnerable Software and Affected Versions** Firebird versions prior to 5.0.4 Firebird versions prior to 4.0.7 Firebird versions prior to 3.0.14 **Description** An issue exists during the deserialization of a slice packet where the `xdr datum()` function fails to validate that a cstring length conforms to the slice descriptor bounds. This allows a cstring longer than the allocated buffer to overflow it. An unauthenticated attacker can exploit this by sending a crafted packet to the server, potentially causing a crash or other security impact. **Recommendations** Update to version 5.0.4 Update to version 4.0.7 Update to version 3.0.14

**Name of the Vulnerable Software and Affected Versions** Firebird versions prior to 5.0.4 Firebird versions prior to 4.0.7 Firebird versions prior to 3.0.14 **Description** The `xdr status vector()` function fails to handle the `isc arg cstring` type during the decoding of an 'op response' packet. This allows an unauthenticated attacker to cause a server crash by sending a specially crafted 'op response' packet to the server. **Recommendations** Update to version 5.0.4 Update to version 4.0.7 Update to version 3.0.14

**Name of the Vulnerable Software and Affected Versions** Firebird versions prior to 5.0.4 Firebird versions prior to 4.0.7 Firebird versions prior to 3.0.14 **Description** The `sdl desc()` function fails to validate the length of a decoded SDL descriptor from a slice packet. A zero-length descriptor can be used to calculate the number of slice items, leading to a division by zero. An unauthenticated attacker can trigger a server crash by sending a specially crafted slice packet. **Recommendations** Update to version 5.0.4 Update to version 4.0.7 Update to version 3.0.14