An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). A lack of parameter validation in calls to memcpy in strtok in srunix/ztimeoutroutines.c allows attackers to attempt to read from a NULL pointer.
{ "urgency": "not yet assigned" }