CVE-2021-44504

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-44504
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-44504.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-44504
Related
Published
2022-04-15T18:15:09Z
Modified
2024-10-12T08:37:43.677648Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause a size variable, stored as a signed int, to equal an extremely large value, which is interpreted as a negative value during a check. This value is then used in a memcpy call on the stack, causing a memory segmentation fault.

References

Affected packages

Debian:11 / fis-gtm

Package

Name
fis-gtm
Purl
pkg:deb/debian/fis-gtm?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.3-014-3

7.*

7.0-002-1
7.0-002-2
7.0-002-3
7.0-004-1
7.0-004-2
7.0-005-1
7.0-005-2
7.0-005-2.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / fis-gtm

Package

Name
fis-gtm
Purl
pkg:deb/debian/fis-gtm?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.0-005-1
7.0-005-2
7.0-005-2.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / fis-gtm

Package

Name
fis-gtm
Purl
pkg:deb/debian/fis-gtm?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.0-005-1
7.0-005-2
7.0-005-2.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / gitlab.com/YottaDB/DB/YDB

Affected ranges

Type
GIT
Repo
https://gitlab.com/YottaDB/DB/YDB
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

V4.*

V4.2-002
V4.3-000
V4.3-001A
V4.3-001B
V4.3-001D
V4.3-001E
V4.4-002
V4.4-003
V4.4-004
V4.4-FT01

V5.*

V5.0-000
V5.0-000C
V5.0-000D
V5.1-000
V5.2-000
V5.2-000A
V5.2-000B
V5.2-001
V5.3-000
V5.3-001
V5.3-001A
V5.3-002
V5.3-003
V5.3-004
V5.3-004A
V5.4-000
V5.4-000A
V5.4-001
V5.4-002
V5.4-002A
V5.4-002B
V5.5-000

V6.*

V6.0-000x64
V6.0-000x86
V6.0-001
V6.0-002
V6.0-003
V6.1-000
V6.2-000
V6.2-001
V6.2-002
V6.2-002A
V6.3-000
V6.3-000A
V6.3-001
V6.3-001A
V6.3-002
V6.3-003
V6.3-003A
V6.3-004
V6.3-005
V6.3-006
V6.3-007
V6.3-008
V6.3-009
V6.3-010
V6.3-011
V6.3-012
V6.3-013
V6.3-014

V7.*

V7.0-000