CVE-2021-44509
Description
An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, attackers can cause an integer underflow of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c in order to cause a segmentation fault and crash the application.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Integer underflow in op_fnj3 of FIS GT.M through V7.0-000 allows attackers to cause a segmentation fault via crafted input.
Vulnerability
An integer underflow vulnerability exists in the op_fnj3 function in sr_port/op_fnj3.c of FIS GT.M through version V7.0-000 (also affecting the YottaDB code base). The underflow occurs in the size argument passed to memset, triggered by specially crafted input. No special configuration is required; the vulnerable code path is reachable during normal database operations with malicious input.
Exploitation
An attacker can provide crafted input to trigger an integer underflow in the memset call within op_fnj3. This does not require authentication or elevated privileges; the attacker only needs the ability to supply input to the GT.M process (e.g., via SQL queries or MUMPS commands). The fuzz testing identified this bug by sending malformed data [2].
Impact
Successful exploitation causes a segmentation fault, leading to an application crash. This results in a denial of service (DoS) for the GT.M database process. No code execution or data corruption has been demonstrated from this vulnerability.
Mitigation
FIS GT.M users should upgrade to a version beyond V7.0-000. The issue was fixed in the YottaDB r1.34 release as part of fuzz testing fixes [2]. If upgrading is not possible, limiting input validation and using application-level filtering may reduce risk.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- FIS/GT.Mdescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.htmlmitrex_refsource_MISC
- gitlab.com/YottaDB/DB/YDB/-/issues/828mitrex_refsource_MISC
- sourceforge.net/projects/fis-gtm/files/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.