16 matches found
YottaDB has an unspecified vulnerability (CNVD-2022-36992)
YottaDB is a real-time database from YottaDB, Inc. A security vulnerability exists in versions of YottaDB prior to r1.32 and V7.0-000, which could be exploited by an attacker to control the size and input of memcpy calls to opfnfnumber in srport/opfnfnumber.c to corrupt memory or crash the...
YottaDB has an unspecified vulnerability (CNVD-2022-31935)
YottaDB is a real-time database from YottaDB, Inc. A security vulnerability exists in YottaDB versions prior to r1.32 and V7.0-000, which could be exploited by an attacker to calculate the size of a call to memset in opfnj3 in srport/opfnj3.c, resulting in a very large value that could cause a...
CVE-2021-44506
An issue was discovered in FIS GT.M through V7.0-000 related to the YottaDB code base. A lack of input validation in calls to doverify in srunix/doverify.c allows attackers to attempt to jump to a NULL pointer by corrupting a function pointer...
CVE-2021-44498
An issue was discovered in FIS GT.M through V7.0-000 related to the YottaDB code base. Using crafted input, attackers can cause a type to be incorrectly initialized in the function fincr in srport/fincr.c and cause a crash due to a NULL pointer dereference...
CVE-2021-44501
An issue was discovered in FIS GT.M through V7.0-000 related to the YottaDB code base. Using crafted input, an attacker can cause calls to ZRead to crash due to a NULL pointer dereference...
Design/Logic Flaw
An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can cause a calculation of the size of calls to memset in opfnj3 in srport/opfnj3.c to result in an extremely large value in order to cause a segmentation fault and crash the application. This is a "- di...
UBUNTU-CVE-2021-44499
An issue was discovered in FIS GT.M through V7.0-000 related to the YottaDB code base. Using crafted input, an attacker can cause a call to $Extract to force a signed integer holding the size of a buffer to take on a large negative number, which is then used as the length of a memcpy call that...
Null pointer dereference
An issue was discovered in FIS GT.M through V7.0-000 related to the YottaDB code base. Using crafted input, an attacker can cause calls to ZRead to crash due to a NULL pointer dereference...
CVE-2021-44505
The CVE-2021-44505 issue affects FIS GT.M through V7.0-000 (tied to the YottaDB codebase) and is caused by a NULL pointer dereference after ZPrint when inputs are crafted. Multiple connected sources confirm the vulnerability and do not provide a published patch/fix detail within the documents; so...
CVE-2021-44503
CVE-2021-44503 affects FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can trigger a call to va_arg on an empty variadic parameter list, most likely causing a memory segmentation fault. The vulnerability is described across multiple sources as a memo...
CVE-2021-44501
An issue was discovered in FIS GT.M through V7.0-000 related to the YottaDB code base. Using crafted input, an attacker can cause calls to ZRead to crash due to a NULL pointer dereference...
CVE-2021-44499
CVE-2021-44499 affects FIS GT.M through V7.0-000 (YottaDB code base). Crafted input can make $Extract push a signed integer indicating buffer size to a large negative value, used as the length of a memcpy on the stack, causing a buffer overflow. Impact and exploit status are not detailed beyond t...
CVE-2021-44497
The CVE-2021-44497 issue affects FIS GT.M through V7.0-000 (tied to the YottaDB code base). The vulnerability arises when crafted input causes the bounds of a for loop to be miscalculated, leading to a use-after-free condition where a pointer is pushed into memory that was previously freed. The c...
CVE-2021-44490
An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can cause a calculation of the size of calls to memset in opfnj3 in srport/opfnj3.c to result in an extremely large value in order to cause a segmentation fault and crash the application. This is a "- di...
YottaDB buffer error vulnerability
YottaDB is a real-time database from YottaDB, Inc. A security vulnerability exists in versions of YottaDB prior to r1.32 and V7.0-000, which could be exploited by an attacker to control the size and input of memcpy calls to opfnfnumber in srport/opfnfnumber.c to corrupt memory or crash the...
PT-2022-12156 · Fis Gt.M +3
Name of the Vulnerable Software and Affected Versions: FIS GT.M versions through V7.0-000
Description: An issue allows attackers to cause an integer underflow of the size of calls to memset in opfnj3 in srport/opfnj3.c, leading to a segmentation fault and application crash, using crafted input...