Unrated severityNVD Advisory· Published Apr 15, 2022· Updated Aug 4, 2024

CVE-2021-44492

Description

An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, attackers can cause a type to be incorrectly initialized in the function f_incr in sr_port/f_incr.c and cause a crash due to a NULL pointer dereference.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

NULL pointer dereference in f_incr() of YottaDB up to r1.32 and GT.M up to V7.0-000 allows crash via crafted input.

Vulnerability

The vulnerability exists in the function f_incr in sr_port/f_incr.c of YottaDB (through r1.32) and FIS GT.M (through V7.0-000). When the function receives crafted input, it incorrectly initializes a type, leading to a NULL pointer dereference. The issue was discovered through fuzz testing as part of YottaDB’s efforts to improve robustness [2].

Exploitation

An attacker can exploit this vulnerability by providing specially crafted input to the database system. No authentication or special privileges are required if the attacker can send data that reaches the vulnerable function. The exact vector depends on the deployment, but any network or local interface that feeds input to the database could be used.

Impact

Successful exploitation causes a crash due to a NULL pointer dereference, resulting in a denial of service. There is no evidence of code execution or data compromise from this vulnerability.

Mitigation

For YottaDB, the fix is included in the r1.34 release, which addressed 40 bugs found via fuzz testing [2]. For FIS GT.M, no specific fix version is mentioned in the available references; users should monitor vendor updates. There is no known workaround.

References

Fix bugs exposed by fuzz testing (#828) · Issues · YottaDB / DB / YDB · GitLab

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

YottaDB/YottaDBdescription
FIS/GT.Mllm-fuzzy
Range: <= V7.0-000
YottaDB/YottaDBllm-fuzzy
Range: <= r1.32, <= V7.0-000

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.htmlmitrex_refsource_MISC
gitlab.com/YottaDB/DB/YDB/-/issues/828mitrex_refsource_MISC
sourceforge.net/projects/fis-gtm/files/mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000