CVE-2021-44510

Vulnerability

The vulnerability resides in the op_fnj3 function within sr_port/op_fnj3.c of FIS GT.M (through V7.0-000) and the related YottaDB code base. By providing specially crafted input, an attacker can trigger a miscalculation of the size argument passed to memset during the processing of numerical operations. This results in an extremely large value that causes a segmentation fault, crashing the application. The affected versions include all GT.M releases up to and including V7.0-000 [1][2].

Exploitation

An attacker needs the ability to supply crafted input to a GT.M or YottaDB process that reaches the op_fnj3 code path. No special authentication or network position is described beyond the ability to deliver the malicious input. The exact sequence involves the attacker providing a specially crafted numeric or string input that leads to an erroneous size calculation for the memset call, which then writes beyond allocated memory boundaries or triggers a segmentation fault.

Impact

Successful exploitation causes a segmentation fault, resulting in a denial of service (DoS) by crashing the affected GT.M or YottaDB application. No code execution or privilege escalation is indicated in the available references; the impact is limited to application termination [2].

Mitigation

Fixes for this issue were addressed in the YottaDB r1.34 release, as documented in the GitLab issue tracking the bugs discovered by fuzz testing [2]. GT.M users should consult the vendor for an updated version that patches this vulnerability. If no official fix is available for the GT.M branch, users are advised to apply input validation or restrict untrusted input to mitigate the crash risk.