CVE-2021-44489

Vulnerability

An integer underflow vulnerability exists in YottaDB through r1.32 and V7.0-000 in the op_fnj3 function in sr_port/op_fnj3.c. By providing specially crafted input, an attacker can cause an integer underflow of the size parameter passed to memset, leading to undefined behavior. The issue is described as a "- digs" subtraction. [1]

Exploitation

The attacker must be able to supply crafted input to the YottaDB database engine. No authentication is required, but the attacker must have the ability to submit or manipulate data processed by op_fnj3. The underflow occurs when the input triggers a subtraction that results in a negative value, which is then used as the size argument to memset, causing a segmentation fault. [1]

Impact

Successful exploitation results in a segmentation fault (crash) of the YottaDB process, leading to a denial of service (availability impact). There is no indication of information disclosure or remote code execution. The crash prevents normal database operations until the process is restarted. [1]

Mitigation

The issue was fixed in YottaDB r1.34, as described in the issue related to fuzz testing. Users should upgrade to r1.34 or later. Workarounds for unpatched versions are not available; the vulnerability can be triggered by untrusted input. [1]