Unrated severityNVD Advisory· Published Apr 15, 2022· Updated Aug 4, 2024

CVE-2021-44505

Description

An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause a NULL pointer dereference after calls to ZPrint.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Crafted input causes a NULL pointer dereference in FIS GT.M (and YottaDB) after ZPrint calls, leading to denial of service.

Vulnerability

The vulnerability resides in the ZPrint routine of FIS GT.M (and the related YottaDB code base) when processing crafted input. A NULL pointer dereference occurs after calls to ZPrint under specific conditions. Affected versions include GT.M through V7.0-000 and corresponding YottaDB releases prior to the fix.

Exploitation

An attacker can exploit this by supplying specially crafted input to the database engine. No authentication is required if the attacker can send input to the system (e.g., via network or local access). The exact sequence involves triggering a ZPrint call with malicious data that leads to a NULL pointer dereference.

Impact

Successful exploitation results in a NULL pointer dereference, causing the database process to crash. This leads to a denial of service (DoS) condition, potentially disrupting database availability.

Mitigation

The issue is fixed in YottaDB release r1.34 as part of a broader fuzz testing fix [2]. For FIS GT.M, users should upgrade to a version beyond V7.0-000 if a patch is available, or apply the corresponding YottaDB fix if using that codebase. No workaround is documented in the available references.

References

Fix bugs exposed by fuzz testing (#828) · Issues · YottaDB / DB / YDB · GitLab

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

FIS/GT.Mdescription
FIS/GT.Mllm-fuzzy
Range: <= V7.0-000
YottaDB/YottaDBllm-fuzzy

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.htmlmitrex_refsource_MISC
gitlab.com/YottaDB/DB/YDB/-/issues/828mitrex_refsource_MISC
sourceforge.net/projects/fis-gtm/files/mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000