Firebird Null Pointer Dereference Vulnerability Leading to Server Crash

Vulnerability

A null pointer dereference vulnerability has been identified in Firebird, an open-source relational database management system. This issue affects versions prior to 6.0.0, 5.0.4, 4.0.7, and 3.0.14. The vulnerability arises when the server processes an 'op_slice' network packet. The server passes an unprepared structure containing a null pointer to the 'SDL_info()' function, causing a null pointer dereference that leads to a server crash. An unauthenticated attacker can exploit this vulnerability by sending a crafted packet to the server port.

Impact

Exploitation of this vulnerability causes the Firebird server to crash, disrupting its availability.

Reproduction

To reproduce this vulnerability, send a network packet to the Firebird server's port (default is 3050) with the 'opcode' set to 60, 'f1' set to 0, and 'f2' set to a value greater than 0. This can be done using a Python script that creates the packet and sends it to the server.

Remediation

Users can upgrade to Firebird versions 6.0.0, 5.0.4, 4.0.7, or 3.0.14 to address this vulnerability.
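To check an inventory against the fixed releases listed above, the following added example (not part of the original advisory or the Firebird project) compares each reported version with the fix for its branch. The host names and version strings are constructed samples, and treating branches with no listed fix (such as 2.5.x) as vulnerable is an assumption based on reading "prior to" literally.

```python
import re

# Fixed releases named in the advisory, keyed by (major, minor) branch.
FIXED = {(3, 0): (3, 0, 14), (4, 0): (4, 0, 7), (5, 0): (5, 0, 4), (6, 0): (6, 0, 0)}

# First major.minor.patch triple; a trailing build number is ignored.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract (major, minor, patch) from a reported version string."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no major.minor.patch version found in {text!r}")
    return tuple(int(part) for part in m.groups())


def assess(text):
    """Return (status, fixed_release_for_branch_or_None) for one version string."""
    version = parse_version(text)
    fixed = FIXED.get(version[:2])
    if fixed is not None:
        return ("patched" if version >= fixed else "vulnerable", fixed)
    if version >= max(FIXED.values()):
        return ("patched", None)  # newer than every listed fix
    # Assumption: an older branch with no listed fix is treated as affected.
    return ("vulnerable", None)


def vulnerable_hosts(inventory):
    """Map host -> version string; return sorted hosts still needing an upgrade."""
    return sorted(h for h, v in inventory.items() if assess(v)[0] == "vulnerable")


# Constructed sample inventory (hypothetical hosts and build numbers).
SAMPLE_INVENTORY = {
    "db-legacy": "LI-V2.5.9.27139 Firebird 2.5",
    "db-a": "LI-V3.0.10.33601 Firebird 3.0",
    "db-b": "WI-V4.0.7.3000 Firebird 4.0",
    "db-c": "5.0.3",
    "db-d": "6.0.0",
}

if __name__ == "__main__":
    for host, raw in sorted(SAMPLE_INVENTORY.items()):
        status, fixed = assess(raw)
        target = ".".join(map(str, fixed)) if fixed else "no fix listed for branch"
        print(f"{host:10} {raw:32} {status:10} fix: {target}")
```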

Added: Apr 17, 2026, 7:45 PM
Updated: Apr 17, 2026, 7:45 PM

Vulnerability Rating

Custom Algorithm
spread: 4.5
impact: 2.5
exploitability: 9.1
remediation: 7.7
relevance: 6.1
threat: 6.4
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.