CVE-2021-44496
Description
An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can control the size variable and buffer that is passed to a call to memcpy. An attacker can use this to overwrite key data structures and gain control of the flow of execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A buffer overflow in FIS GT.M up to V7.0-000 allows an attacker to overwrite key data structures via crafted input and memcpy.
Vulnerability
A buffer overflow vulnerability exists in FIS GT.M through V7.0-000 (and the related YottaDB code base). An attacker can control the size variable and buffer passed to a memcpy call using crafted input, leading to memory corruption [1]. Affected versions include GT.M up to V7.0-000 [1]. The issue was identified during fuzz testing of the YottaDB codebase and is one of 40 bugs fixed in the r1.34 release [2].
Exploitation
An attacker can supply specially crafted input to the affected application. This input manipulates the size and buffer arguments to memcpy, allowing the attacker to write past the intended buffer boundaries. No authentication is required if the attacker can deliver the malicious input to the vulnerable code path (e.g., via network messages or file parsing) [2].
Impact
Successful exploitation allows the attacker to overwrite key data structures in memory. By controlling the flow of execution through such corruption, the attacker can potentially achieve arbitrary code execution, leading to full compromise of confidentiality, integrity, and availability [1].
Mitigation
The vendor has fixed these bugs in the YottaDB r1.34 release [2]. For FIS GT.M, users should apply the latest updates from the project's SourceForge page [1]. There is no indication that this CVE is listed in the CISA Known Exploited Vulnerabilities catalog.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- FIS/GT.M
Patches
No patches discovered yet.
References
- tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html (mitre, x_refsource_MISC)
- gitlab.com/YottaDB/DB/YDB/-/issues/828 (mitre, x_refsource_MISC)
- sourceforge.net/projects/fis-gtm/files/ (mitre, x_refsource_MISC)