CVE-2021-44489

Name of the Vulnerable Software and Affected Versions YottaDB versions prior to r1.32 and V7.0-000

Description An issue was discovered that allows attackers to cause an integer underflow of the size of calls to memset in op fnj3 in sr port/op fnj3.c. This can be achieved by using crafted input, resulting in a segmentation fault and crashing the application.

Recommendations For YottaDB versions prior to r1.32 and V7.0-000, consider restricting access to the op fnj3 function in sr port/op fnj3.c to minimize the risk of exploitation. As a temporary workaround, avoid using crafted input that could cause an integer underflow in the size of calls to memset. At the moment, there is no information about a newer version that contains a fix for this vulnerability.