CVE-2021-44488
Description
An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can control the size and input to calls to memcpy in op_fnfnumber in sr_port/op_fnfnumber.c in order to corrupt memory or crash the application.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
YottaDB r1.32 and V7.0-000 have a buffer overflow in op_fnfnumber via crafted input, allowing memory corruption or crash.
Vulnerability
CVE-2021-44488 affects YottaDB through r1.32 and V7.0-000. The bug resides in the function op_fnfnumber in sr_port/op_fnfnumber.c. By supplying crafted input, an attacker can control both the size and the data passed to a memcpy call, leading to a buffer overflow. The issue was discovered during fuzz testing and is tracked as YottaDB issue #828 [1].
Exploitation
An attacker needs the ability to supply crafted input to YottaDB. The vulnerability is reachable without authentication, as it is triggered by processing malicious data. The exact attack vector involves sending specially crafted arguments that influence the memcpy size and source parameters, causing out-of-bounds memory access. No user interaction beyond submitting the crafted input is required [1].
Impact
Successful exploitation allows an attacker to corrupt heap memory or crash the application. The impact is a denial of service (application crash) or potentially arbitrary memory corruption. The attacker can be an unauthenticated remote or local user. Information disclosure is not directly described in the references, but memory corruption could lead to it [1].
Mitigation
The issue was fixed in YottaDB r1.34, released in 2021. Users should upgrade to r1.34 or later. No workarounds are documented for versions prior to r1.34. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- YottaDB/YottaDB (description)
Patches
No patches discovered yet.
References
[1] gitlab.com/YottaDB/DB/YDB/-/issues/828 (mitre, x_refsource_MISC)