VYPR
Unrated severity · NVD Advisory · Published Apr 15, 2022 · Updated Aug 4, 2024

CVE-2021-44487

Description

An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of NULL checks in calls to ious_open in sr_unix/ious_open.c allows attackers to crash the application by dereferencing a NULL pointer.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A NULL pointer dereference in YottaDB's ious_open function allows attackers to crash the application via crafted input.

Vulnerability

The vulnerability exists in YottaDB versions through r1.32 and V7.0-000. In sr_unix/ious_open.c, the function ious_open lacks NULL pointer checks, leading to a NULL pointer dereference when processing certain inputs. This was discovered through fuzz testing [1].

Exploitation

An attacker can trigger the vulnerability by providing crafted input that causes ious_open to dereference a NULL pointer. No authentication is required if the attacker can send input to the database process. The exact sequence involves sending specially crafted data that reaches the vulnerable code path.

Impact

Successful exploitation results in a denial of service (crash) of the YottaDB application. The vulnerability does not allow code execution or privilege escalation; it only causes a NULL pointer dereference leading to termination.

Mitigation

The fix is included in YottaDB release r1.34, which addresses 40 bugs found by fuzz testing [1]. Users should upgrade to r1.34 or later. No workaround is documented for unpatched versions.

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • YottaDB/YottaDB (description)
  • YottaDB/YottaDB (llm-create)
    Range: <= r1.32, <= V7.0-000

Patches

0

No patches discovered yet.

References

1
