CVE-2021-44504

Name of the Vulnerable Software and Affected Versions FIS GT.M versions through V7.0-000

Description An issue was discovered related to the YottaDB code base. Using crafted input, an attacker can cause a size variable, stored as a signed int, to equal an extremely large value, which is interpreted as a negative value during a check. This value is then used in a memcpy call on the stack, causing a memory segmentation fault.

Recommendations For versions through V7.0-000, consider applying configuration changes to restrict the input that can cause the size variable to reach an extremely large value, until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.