CVE-2021-44502
Description
An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can control the size of a memset that occurs in calls to util_format in sr_unix/util_output.c.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An issue in FIS GT.M (and YottaDB) allows an attacker to control the size of a memset in util_format, potentially leading to buffer overflow or denial of service.
Vulnerability
An issue exists in FIS GT.M through version V7.0-000 and the related YottaDB code base. The vulnerability resides in the util_format function in sr_unix/util_output.c. By providing crafted input, an attacker can control the size argument passed to a memset call, leading to a potential buffer overflow. Affected versions include GT.M up to V7.0-000 and YottaDB prior to the r1.34 release [1][2].
Exploitation
An attacker can exploit this vulnerability by sending specially crafted input to the database engine. No authentication is required, and the attack can be performed remotely if the database accepts network connections. The crafted input triggers a call to util_format with a user-controlled size for memset, which can cause memory corruption.
Impact
Successful exploitation could result in memory corruption, potentially leading to denial of service or arbitrary code execution. The exact impact depends on the attacker's ability to control the size and subsequent memory operations.
Mitigation
The vulnerability is fixed in YottaDB release r1.34, as documented in the associated issue [2]. For FIS GT.M, users should upgrade to a version beyond V7.0-000 once a patch is available. No workarounds have been disclosed in the available references.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- FIS/GT.M
Patches
No patches discovered yet.
References
- tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
- gitlab.com/YottaDB/DB/YDB/-/issues/828
- sourceforge.net/projects/fis-gtm/files/