CVE-2021-44500

Vulnerability

A divide-by-zero vulnerability exists in FIS GT.M through V7.0-000 and the related YottaDB code base. The issue resides in the eb_div function in sr_port/eb_muldiv.c. Due to a lack of input validation, a specially crafted input can cause a division by zero, leading to an application crash [1][2].

Exploitation

An attacker can trigger the vulnerability by providing a crafted input that results in a divide-by-zero operation in the eb_div function. No authentication or special privileges are required; the attacker only needs the ability to send input to the database engine [1][2].

Impact

Successful exploitation results in a denial of service, crashing the GT.M or YottaDB application. The vulnerability does not appear to allow code execution or privilege escalation, only a crash [1][2].

Mitigation

FIS GT.M has not released a patch as of publication; users should monitor the GT.M sourceforge page for updates [1]. YottaDB has addressed the issue in the r1.34 release, as part of fixes for bugs exposed by fuzz testing [2]. Users of YottaDB should upgrade to r1.34 or later. For GT.M, no fix is yet available in the referenced sources [1].