PT-2026-33484 · Firebird+1
Highdyemanov
Published: 2026-04-17 · Updated: 2026-05-15
CVE-2026-35215
CVSS v2.0: 7.8 High
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Firebird versions prior to 5.0.4
Firebird versions prior to 4.0.7
Firebird versions prior to 3.0.14
Description
The sdl_desc() function fails to validate the length of a decoded SDL descriptor from a slice packet. A zero-length descriptor can be used to calculate the number of slice items, leading to a division by zero. An unauthenticated attacker can trigger a server crash by sending a specially crafted slice packet.
Recommendations
Update to version 5.0.4
Update to version 4.0.7
Update to version 3.0.14
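For readers who cannot update immediately and want to understand the class of check involved, the following is an added example, not Firebird's code or the project's actual patch. It shows the bug pattern from the description (an element length decoded from untrusted input used as a divisor) next to a validated form. The names elem_desc, slice_item_count and the status codes are hypothetical, and the remainder check is an extra sanity check assumed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified stand-in for a decoded slice element descriptor. */
struct elem_desc {
    uint16_t length;              /* element size in bytes, taken from untrusted input */
};

enum slice_status { SLICE_OK = 0, SLICE_BAD_DESC = -1, SLICE_BAD_LENGTH = -2 };

/*
 * Bug pattern (kept as a comment so it is never executed):
 *     count = slice_bytes / desc->length;
 * With desc->length == 0 this is undefined behaviour in C; on x86 the
 * division traps and the process is terminated.
 */

/* Validated form: reject the descriptor before it is ever used as a divisor. */
enum slice_status slice_item_count(const struct elem_desc *desc,
                                   size_t slice_bytes, size_t *count)
{
    if (desc == NULL || count == NULL)
        return SLICE_BAD_DESC;
    if (desc->length == 0)                    /* zero-length descriptor */
        return SLICE_BAD_DESC;
    if (slice_bytes % desc->length != 0)      /* assumed check: whole items only */
        return SLICE_BAD_LENGTH;
    *count = slice_bytes / desc->length;
    return SLICE_OK;
}

int main(void)
{
    /* Constructed sample descriptors: one valid, one zero-length. */
    struct elem_desc ok = { 8 }, zero = { 0 };
    size_t n = 0;

    printf("valid:       status=%d\n", slice_item_count(&ok, 64, &n));
    printf("items:       %zu\n", n);
    printf("zero-length: status=%d\n", slice_item_count(&zero, 64, &n));
    return 0;
}
```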
Fix
DoS
Divide By Zero
Affected Products
Firebird
Red Os