Firebird: DoS via malicious slice descriptor in slice packet

CVE-2026-35215 影响 Firebird 数据库管理系统 5.0.4、4.0.7 之前的版本以及 3.0.14。此漏洞源于对从切片数据包中解码的 SDL 描述符长度的验证不足。具体来说，sdl_desc() 函数未能正确检查长度，从而允许使用零长度描述符来计算切片项的数量，导致除以零错误。这会导致服务器崩溃。此漏洞的 CVSS 分数为 7.5，表明存在重大风险。

Organizations running Firebird database servers in production, particularly those using versions 3.0.0–>= 5.0.0, < 5.0.4, are at risk. This includes businesses relying on Firebird for data storage and applications that interact with the database. Shared hosting environments where multiple users share a Firebird instance are also at increased risk, as a compromised user could potentially exploit the vulnerability.

• linux / server:

journalctl -u firebird -f | grep "division by zero"

• database (mysql):

SELECT version(); -- Check Firebird version against affected ranges.

• generic web: Monitor Firebird server logs for errors related to SDL descriptors or slice packets. Look for unusual network traffic patterns targeting the Firebird port.

1. 2026-04-17Disclosure

   disclosure

1. 已保留2026-04-01
2. 发布日期2026-04-17
3. 修改日期2026-04-20
4. EPSS 更新日期2026-04-25

建议的缓解措施是升级到包含修复程序的 Firebird 版本。版本 5.0.4、4.0.7 和 3.0.14 包含必要的补丁。如果无法立即升级，请考虑审查网络安全实践以限制 Firebird 服务器的暴露。这可能包括限制网络访问、实施防火墙以及监控网络流量以查找可疑模式。及时应用补丁对于保护数据和系统完整性至关重要。