CVE-2021-44507
Description
An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). A lack of parameter validation in calls to memcpy in str_tok in sr_unix/ztimeoutroutines.c allows attackers to attempt to read from a NULL pointer.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A lack of parameter validation in memcpy calls in GT.M str_tok allows NULL pointer read, leading to denial of service.
Vulnerability
An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). In sr_unix/ztimeoutroutines.c, the function str_tok calls memcpy without validating its parameters, allowing an attacker to cause a read from a NULL pointer. This vulnerability affects GT.M versions up to V7.0-000 and corresponding YottaDB versions before r1.34 [1][2].
Exploitation
An attacker can trigger this vulnerability by providing crafted input that causes str_tok to pass a NULL pointer to memcpy. No special privileges are required; the attacker only needs the ability to send input to a process that uses the affected function. The exact attack vector depends on the application using GT.M or YottaDB.
Impact
A successful attack results in a read from a NULL pointer, which typically causes a segmentation fault and crash, leading to denial of service (DoS). No code execution or data corruption is expected from this bug.
Mitigation
YottaDB fixed this issue in release r1.34 [2]. GT.M users should contact FIS for a fix or upgrade to a patched version. As of publication, no workaround is available for unpatched systems.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- FIS/GT.M (description)
Patches
No patches discovered yet.
References
- tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html (mitre, x_refsource_MISC)
- gitlab.com/YottaDB/DB/YDB/-/issues/828 (mitre, x_refsource_MISC)
- sourceforge.net/projects/fis-gtm/files/ (mitre, x_refsource_MISC)