CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-44495
https://notcve.org/view.php?id=CVE-2021-44495
15 Apr 2022 — An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, an attacker can cause a NULL pointer dereference after calls to ZPrint. Se ha detectado un problema en YottaDB versiones hasta r1.32 y V7.0-000 y FIS GT.M versiones hasta V7.0-000. Usando una entrada diseñada, un atacante puede causar una desreferencia de puntero NULL después de las llamadas a ZPrint • http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-44494
https://notcve.org/view.php?id=CVE-2021-44494
15 Apr 2022 — An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, an attacker can cause calls to ZRead to crash due to a NULL pointer dereference. Se ha detectado un problema en YottaDB versiones hasta r1.32 y V7.0-000 y FIS GT.M versiones hasta V7.0-000. Usando una entrada diseñada, un atacante puede causar que las llamadas a ZRead sean bloqueadas debido a una desreferencia del puntero NULL • http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-44493
https://notcve.org/view.php?id=CVE-2021-44493
15 Apr 2022 — An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, an attacker can cause a call to $Extract to force an signed integer holding the size of a buffer to take on a large negative number, which is then used as the length of a memcpy call that occurs on the stack, causing a buffer overflow. Se ha detectado un problema en YottaDB versiones hasta r1.32 y V7.0-000 y FIS GT.M versiones hasta V7.0-000. Usando una entrada diseñada, un atacante puede hacer ... • http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-44492
https://notcve.org/view.php?id=CVE-2021-44492
15 Apr 2022 — An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, attackers can cause a type to be incorrectly initialized in the function f_incr in sr_port/f_incr.c and cause a crash due to a NULL pointer dereference. Se ha detectado un problema en YottaDB hasta r1.32 y V7.0-000 y FIS GT.M hasta V7.0-000. Usando una entrada diseñada, los atacantes pueden hacer que un tipo sea inicializado de forma incorrecta en la función f_incr en el archivo sr_port/f_incr.c... • http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-44491
https://notcve.org/view.php?id=CVE-2021-44491
15 Apr 2022 — An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can cause a calculation of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c to result in an extremely large value in order to cause a segmentation fault and crash the application. This is a digs-- calculation. Se ha detectado un problema en YottaDB versiones hasta r1.32 y V7.0-000. Usando una entrada diseñada, los atacantes pueden causar un cálculo del tamaño de las llamadas a memset en la función op_fnj... • https://gitlab.com/YottaDB/DB/YDB/-/issues/828 • CWE-682: Incorrect Calculation •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-44490
https://notcve.org/view.php?id=CVE-2021-44490
15 Apr 2022 — An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can cause a calculation of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c to result in an extremely large value in order to cause a segmentation fault and crash the application. This is a "- (digs < 1 ? 1 : digs)" subtraction. Se ha detectado un problema en YottaDB versiones hasta r1.32 y V7.0-000. • https://gitlab.com/YottaDB/DB/YDB/-/issues/828 • CWE-682: Incorrect Calculation •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-44489
https://notcve.org/view.php?id=CVE-2021-44489
15 Apr 2022 — An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can cause an integer underflow of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c in order to cause a segmentation fault and crash the application. This is a "- digs" subtraction. Se ha detectado un problema en YottaDB versiones hasta r1.32 y V7.0-000. Usando una entrada diseñada, los atacantes pueden causar un desbordamiento de enteros del tamaño de las llamadas a memset en la función op_fnj3 en el arc... • https://gitlab.com/YottaDB/DB/YDB/-/issues/828 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 1CVE-2021-44488
https://notcve.org/view.php?id=CVE-2021-44488
15 Apr 2022 — An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can control the size and input to calls to memcpy in op_fnfnumber in sr_port/op_fnfnumber.c in order to corrupt memory or crash the application. Se ha detectado un problema en YottaDB versiones hasta r1.32 y V7.0-000. Usando una entrada diseñada, los atacantes pueden controlar el tamaño y la entrada de las llamadas a memcpy en la función op_fnfnumber en el archivo sr_port/op_fnfnumber.c para corromper la memoria o ... • https://gitlab.com/YottaDB/DB/YDB/-/issues/828 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-44487
https://notcve.org/view.php?id=CVE-2021-44487
15 Apr 2022 — An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of NULL checks in calls to ious_open in sr_unix/ious_open.c allows attackers to crash the application by dereferencing a NULL pointer. Se ha detectado un problema en YottaDB versiones hasta r1.32 y V7.0-000. Una falta de comprobación de NULL en las llamadas a la función ious_open en el archivo sr_unix/ious_open.c permite a atacantes bloquear la aplicación al hacer una desreferencia a un puntero NULL • https://gitlab.com/YottaDB/DB/YDB/-/issues/828 • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2021-44486
https://notcve.org/view.php?id=CVE-2021-44486
15 Apr 2022 — An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can manipulate the value of a function pointer used in op_write in sr_port/op_write.c in order to gain control of the flow of execution. Se ha detectado un problema en YottaDB versiones hasta r1.32 y V7.0-000. Usando una entrada diseñada, los atacantes pueden manipular el valor de un puntero de función usado en la función op_write en el archivo sr_port/op_write.c para conseguir el control del flujo de ejecución • https://gitlab.com/YottaDB/DB/YDB/-/issues/828 •