CVE-2021-44490

Name of the Vulnerable Software and Affected Versions YottaDB versions through r1.32 and V7.0-000

Description An issue was discovered where attackers can cause a calculation of the size of calls to memset in op fnj3 in sr port/op fnj3.c to result in an extremely large value. This can cause a segmentation fault and crash the application due to a subtraction issue in the expression "- (digs < 1 ? 1 : digs)".

Recommendations For YottaDB versions through r1.32 and V7.0-000, as a temporary workaround, consider restricting access to the op fnj3 function in sr port/op fnj3.c to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.