Unrated severity · NVD Advisory · Published Apr 15, 2022 · Updated Aug 4, 2024

CVE-2021-44481

Description

An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of parameter validation in calls to memcpy in check_and_set_timeout in sr_unix/ztimeoutroutines.c allows attackers to attempt to read from a NULL pointer.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A NULL pointer dereference in YottaDB's check_and_set_timeout function allows attackers to cause a denial of service via crafted input.

Vulnerability

A lack of parameter validation in calls to memcpy within the check_and_set_timeout function in sr_unix/ztimeoutroutines.c allows an attacker to trigger a read from a NULL pointer. This issue affects YottaDB through r1.32 and V7.0-000 [1].

Exploitation

An attacker can exploit this vulnerability by providing specially crafted input that causes check_and_set_timeout to be invoked with invalid parameters, leading to a NULL pointer dereference. No authentication or special privileges are required if the attacker can send data to the affected component.

Impact

Successful exploitation results in a denial of service (crash) due to the NULL pointer dereference. No information disclosure or remote code execution has been demonstrated.

Mitigation

The vulnerability is fixed in YottaDB r1.34, which was released as part of the fuzz testing bug fixes [1]. Users should upgrade to r1.34 or later. No workaround is available.

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • YottaDB/YottaDB (description)
  • YottaDB/YottaDB (llm-fuzzy)
    Range: through r1.32 and V7.0-000

References

1
