CVE-2021-44491

Name of the Vulnerable Software and Affected Versions YottaDB versions through r1.32 and V7.0-000

Description An issue was discovered where attackers can cause a calculation of the size of calls to memset in op fnj3 in sr port/op fnj3.c to result in an extremely large value, leading to a segmentation fault and crashing the application. This issue involves a digs-- calculation.

Recommendations For YottaDB versions through r1.32 and V7.0-000, consider restricting access to the op fnj3 function in sr port/op fnj3.c to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.