CVE-2021-44482
Description
An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of input validation in calls to do_verify in sr_unix/do_verify.c allows attackers to attempt to jump to a NULL pointer by corrupting a function pointer.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Lack of input validation in YottaDB through r1.32 and V7.0-000 allows a crash by corrupting a function pointer leading to a NULL pointer jump.
Vulnerability
In YottaDB through r1.32 and V7.0-000, the do_verify function in sr_unix/do_verify.c lacks input validation, which can lead to a corrupt function pointer [1]. This issue was among 40 bugs found during fuzz testing and fixed in the r1.34 release [1].
Exploitation
An attacker needs the ability to corrupt a function pointer in the do_verify call path, likely through crafted input that is not validated before the call. The exact prerequisites and steps are not detailed in the available references; the issue was found through fuzz testing [1].
Impact
Successful exploitation allows an attacker to cause a NULL pointer dereference, resulting in a crash (denial of service). The impact is limited to availability; no code execution or privilege escalation is described in the references [1].
Mitigation
YottaDB r1.34, released with fixes for this issue and 39 other bugs, addresses this vulnerability [1]. Update to r1.34 or later. No workarounds are documented, and there is no indication that this CVE is on the CISA KEV list.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- YottaDB/YottaDB (source: description)
Patches
No patches discovered yet.
References
[1] gitlab.com/YottaDB/DB/YDB/-/issues/828 (source: mitre, x_refsource_MISC)