PT-2022-12134 · Yottadb · Yottadb

Published 2022-04-15 · Updated 2022-04-22 · CVE-2021-44487

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

YottaDB versions prior to r1.32 and V7.0-000

Description

The issue is related to a lack of NULL checks in calls to the ious_open function in the sr_unix/ious_open.c file, which allows attackers to crash the application by dereferencing a NULL pointer.

Recommendations

For YottaDB versions prior to r1.32 and V7.0-000, consider applying a patch or fix that adds NULL checks to the ious_open function calls to prevent the application from crashing due to NULL pointer dereferences. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

CVE-2021-44487

Affected Products

Yottadb