CVE-2021-44490
Description
An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can cause a calculation of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c to result in an extremely large value in order to cause a segmentation fault and crash the application. This is a "- (digs < 1 ? 1 : digs)" subtraction.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
YottaDB through r1.32 and V7.0-000 has a segmentation fault in op_fnj3 due to a calculation error for memset size.
Vulnerability
YottaDB through r1.32 and V7.0-000 contains a vulnerability in sr_port/op_fnj3.c, in the function op_fnj3, where the calculation of the size passed to memset calls results in an extremely large value because of a "- (digs < 1 ? 1 : digs)" subtraction. This can be triggered using crafted input, leading to a segmentation fault and application crash [1]. The issue was identified through fuzz testing and fixed in the r1.34 release [1].
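A simplified model of this failure mode, added here as an illustration and not taken from YottaDB's sr_port/op_fnj3.c or from the r1.34 fix: it shows how a subtraction containing the "(digs < 1 ? 1 : digs)" term turns into a near-SIZE_MAX memset size, next to one possible checked form. The names width, int_len, cap and all function names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model, NOT YottaDB source. Only the "(digs < 1 ? 1 : digs)" term
 * is taken from the CVE text; width, int_len and cap are hypothetical names. */

/* Unchecked: the signed difference is handed to memset() as a size_t.
 * A negative result wraps to a value close to SIZE_MAX. */
size_t pad_size_unchecked(int width, int int_len, int digs)
{
    int64_t pad = (int64_t)width - int_len - (digs < 1 ? 1 : digs);
    return (size_t)pad;
}

/* Checked: reject negative inputs, clamp a negative pad to zero and refuse
 * anything larger than the destination. Returns 0 on success, -1 to reject. */
int pad_size_checked(int width, int int_len, int digs, size_t cap, size_t *out)
{
    if (width < 0 || int_len < 0 || digs < 0)
        return -1;
    int64_t pad = (int64_t)width - int_len - (digs < 1 ? 1 : digs);
    if (pad < 0)
        pad = 0;                    /* value is wider than the field */
    if ((uint64_t)pad > cap)
        return -1;                  /* would write past the buffer */
    *out = (size_t)pad;
    return 0;
}

/* Fill the left padding of buf only when the checked size is accepted. */
int fill_pad(char *buf, size_t cap, int width, int int_len, int digs)
{
    size_t n;
    if (pad_size_checked(width, int_len, digs, cap, &n) != 0)
        return -1;
    memset(buf, ' ', n);
    return (int)n;
}

int main(void)
{
    char buf[64];
    /* constructed inputs: field width 4, 3 integer digits, 6 fraction digits */
    printf("unchecked: %zu\n", pad_size_unchecked(4, 3, 6));
    printf("checked:   %d\n", fill_pad(buf, sizeof buf, 4, 3, 6));
    return 0;
}
```

The unchecked size for the constructed inputs is the kind of value that makes memset run off the end of mapped memory, which matches the segmentation fault the description reports.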
Exploitation
An attacker can exploit this vulnerability by providing specially crafted input to YottaDB that triggers the flawed size calculation in op_fnj3. No prior authentication or special privileges are required; the attack can be carried out remotely if the application processes untrusted input. The crafted input causes the memset size to become extremely large, resulting in a segmentation fault.
Impact
Successful exploitation causes a segmentation fault, crashing the YottaDB application. This results in a denial of service (availability impact). The vulnerability does not directly lead to information disclosure or privilege escalation, but service disruption can affect dependent systems.
Mitigation
The issue is fixed in YottaDB r1.34 [1]. Users should upgrade to version r1.34 or later. For earlier versions that are end of life, no patch is available; upgrading to a supported release is recommended. No other workarounds are mentioned in the references.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- YottaDB/YottaDB
Patches
No patches discovered yet.
References
[1] gitlab.com/YottaDB/DB/YDB/-/issues/828 (mitre, x_refsource_MISC)