CVE-2021-44486
Description
An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can manipulate the value of a function pointer used in op_write in sr_port/op_write.c in order to gain control of the flow of execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
YottaDB through r1.32 and V7.0-000 allow crafted input to overwrite a function pointer in op_write.c, enabling code execution.
Vulnerability
YottaDB versions through r1.32 and V7.0-000 contain a flaw in the sr_port/op_write.c file. By providing specially crafted input, an attacker can manipulate the value of a function pointer used in the op_write routine. This vulnerability was identified during fuzz testing and is tracked in [1].
Exploitation
An attacker with the ability to send crafted input to the database can exploit this vulnerability. The exact network position or authentication level is not detailed in the available references [1], but the attack requires the ability to provide input that reaches the op_write function. No user interaction beyond submitting the crafted input is needed.
Impact
Successful exploitation allows the attacker to control the function pointer, thereby gaining control of the program’s execution flow. This can lead to arbitrary code execution within the context of the YottaDB process.
Mitigation
The issue was fixed in YottaDB release r1.34, as noted in [1]. Users should upgrade to r1.34 or later. No workarounds have been disclosed for versions prior to the fix.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- YottaDB/YottaDB
Patches
No patches discovered yet.
References
[1] gitlab.com/YottaDB/DB/YDB/-/issues/828 (source: mitre, tag: x_refsource_MISC)