CVE-2021-44504

Vulnerability

An issue in FIS GT.M through V7.0-000 (and the related YottaDB code base) allows a crafted input to cause a size variable stored as a signed int to equal an extremely large value. This large value is incorrectly interpreted as a negative number during a subsequent sanity check, which passes the check. The negative-turned-positive large value is then used as the size argument in a memcpy call on the stack, resulting in a memory segmentation fault [2].

Exploitation

An attacker needs the ability to supply crafted input to an application using the vulnerable GT.M or YottaDB database engine. No authentication or special privileges are required beyond the ability to send the specially prepared data. The exploitation sequence involves providing input that triggers the signed integer overflow, causing the size variable to overflow to a negative value that circumvents a size validation check and subsequently causes an out-of-bounds stack memcpy [2].

Impact

Successful exploitation causes a segmentation fault, leading to a denial of service (DoS) of the database engine and any dependent applications. The impact is limited to service availability; there is no evidence of information disclosure or remote code execution in the available references [1][2].

Mitigation

The issues were fixed in YottaDB r1.34 release [2]. Users of FIS GT.M should consult the vendor for patched versions or apply the equivalent fixes from the YottaDB repository. If an immediate patch is unavailable, restricting untrusted user input to the database engine may reduce the risk [1][2].