CVE-2026-35215
Published: 17 April 2026
Summary
CVE-2026-35215 is a high-severity Divide By Zero (CWE-369) vulnerability in Firebirdsql Firebird. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 29.1 percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-11 (Error Handling).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) (AI)
Directly mitigates the vulnerability by requiring timely remediation of the specific division-by-zero flaw through patching to Firebird versions 5.0.4, 4.0.7, or 3.0.14.
Requires validation of the length of decoded SDL descriptors from incoming slice packets to block zero-length values that trigger the division-by-zero error.
Mandates proper error handling for invalid descriptors and division-by-zero conditions to prevent server crashes from crafted packets.
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
The vulnerability enables remote unauthenticated exploitation of the Firebird database server via a crafted slice packet, directly causing a crash through division-by-zero, matching T1499.004 (Application or System Exploitation) for Endpoint Denial of Service.
NVD Description
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdl_desc() function does not validate the length of a decoded SDL descriptor from a slice packet. A zero-length descriptor is later used to calculate the number of slice items, causing a division by zero. An unauthenticated attacker can exploit this by sending a crafted slice packet to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
Deeper analysis (AI)
CVE-2026-35215 is a denial-of-service vulnerability in Firebird, an open-source relational database management system. The issue resides in the sdl_desc() function, which fails to validate the length of a decoded SDL descriptor extracted from a slice packet. This allows a zero-length descriptor to propagate, resulting in a division-by-zero error when calculating the number of slice items. Affected versions include those prior to 5.0.4, 4.0.7, and 3.0.14.
An unauthenticated remote attacker can exploit this vulnerability with low complexity by sending a specially crafted slice packet to the server, as indicated by the CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Successful exploitation leads to a server crash, causing a denial of service without impacting confidentiality or integrity. The root cause is tracked under CWE-369 (Divide by Zero).
Mitigation is available through patched releases: Firebird 5.0.4, 4.0.7, and 3.0.14. Security practitioners should upgrade affected installations immediately. Official advisories and release notes are published at https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-g99w-prq5-29c6 and the respective release tags: https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14, https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7, and https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4.
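A version triage against the fixed releases named above, as an added example that is not code from the Firebird project or its advisory. The host names and version strings are constructed, and reading "prior to 3.0.14" as also covering branches older than 3.0 is an assumption.

```python
import re

# Fixed releases named on this page, keyed by major version.
FIXED = {3: (3, 0, 14), 4: (4, 0, 7), 5: (5, 0, 4)}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the first x.y.z triple found in a version string, or None."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def triage(text):
    """Classify a version string as 'affected', 'fixed' or 'unknown'."""
    version = parse_version(text)
    if version is None:
        return "unknown"
    major = version[0]
    if major < min(FIXED):
        # Assumption: "prior to 3.0.14" is read as covering older branches too.
        return "affected"
    if major not in FIXED:
        # Branch newer than any release the page names: make no claim.
        return "unknown"
    return "affected" if version < FIXED[major] else "fixed"


def upgrade_plan(inventory):
    """Map each affected host to the fixed release for its branch."""
    plan = {}
    for host, banner in inventory.items():
        if triage(banner) == "affected":
            major = parse_version(banner)[0]
            # Pre-3.0 branches have no fixed release of their own on the page.
            target = FIXED.get(major, FIXED[min(FIXED)])
            plan[host] = ".".join(str(p) for p in target)
    return plan


# Constructed inventory: host names and version strings are made up.
SAMPLE_INVENTORY = {
    "db01.example.internal": "LI-V3.0.13.33600 Firebird 3.0",
    "db02.example.internal": "4.0.7",
    "db03.example.internal": "WI-V5.0.3.1600 Firebird 5.0",
    "db04.example.internal": "2.5.9",
    "db05.example.internal": "version not reported",
}
```

Hosts that come back as "unknown" did not report a parseable version or run a branch the page does not name, and need a manual check.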
Details
- CWE(s)