CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-44500
https://notcve.org/view.php?id=CVE-2021-44500
15 Apr 2022 — An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). A lack of input validation in calls to eb_div in sr_port/eb_muldiv.c allows attackers to crash the application by performing a divide by zero. Se ha detectado un problema en FIS GT.M versiones hasta V7.0-000 (relacionado con la base de código YottaDB). Una falta de comprobación de entrada en las llamadas a la función eb_div en el archivo sr_port/eb_muldiv.c permite a atacantes bloquear la aplicación llevando a cabo una ... • http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html • CWE-369: Divide By Zero •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-44499
https://notcve.org/view.php?id=CVE-2021-44499
15 Apr 2022 — An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause a call to $Extract to force an signed integer holding the size of a buffer to take on a large negative number, which is then used as the length of a memcpy call that occurs on the stack, causing a buffer overflow. Se ha detectado un problema en FIS GT.M versiones hasta V7.0-000 (relacionado con la base de código YottaDB). Usando una entrada diseñada, un atacante puede hacer que... • http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-44498
https://notcve.org/view.php?id=CVE-2021-44498
15 Apr 2022 — An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, attackers can cause a type to be incorrectly initialized in the function f_incr in sr_port/f_incr.c and cause a crash due to a NULL pointer dereference. Se ha detectado un problema en FIS GT.M versiones hasta V7.0-000 (relacionado con la base de código YottaDB). Usando una entrada diseñada, los atacantes pueden hacer que un tipo sea inicializado de forma incorrecta en la función f_incr en el archivo... • http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-44497
https://notcve.org/view.php?id=CVE-2021-44497
15 Apr 2022 — An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, can cause the bounds of a for loop to be miscalculated, which leads to a use after free condition a pointer is pushed into previously free memory by the loop. Se ha detectado un problema en FIS GT.M versiones hasta V7.0-000 (relacionado con la base de código YottaDB). El uso de una entrada diseñada, puede causar que los límites de un bucle for sean calculados inapropiadamente, lo que conlleva a una ... • http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-44496
https://notcve.org/view.php?id=CVE-2021-44496
15 Apr 2022 — An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can control the size variable and buffer that is passed to a call to memcpy. An attacker can use this to overwrite key data structures and gain control of the flow of execution. Se ha detectado un problema en FIS GT.M versiones hasta V7.0-000 (relacionado con la base de código YottaDB). Usando una entrada diseñada, un atacante puede controlar la variable de tamaño y el búfer que es pasad... • http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-44495
https://notcve.org/view.php?id=CVE-2021-44495
15 Apr 2022 — An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, an attacker can cause a NULL pointer dereference after calls to ZPrint. Se ha detectado un problema en YottaDB versiones hasta r1.32 y V7.0-000 y FIS GT.M versiones hasta V7.0-000. Usando una entrada diseñada, un atacante puede causar una desreferencia de puntero NULL después de las llamadas a ZPrint • http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-44494
https://notcve.org/view.php?id=CVE-2021-44494
15 Apr 2022 — An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, an attacker can cause calls to ZRead to crash due to a NULL pointer dereference. Se ha detectado un problema en YottaDB versiones hasta r1.32 y V7.0-000 y FIS GT.M versiones hasta V7.0-000. Usando una entrada diseñada, un atacante puede causar que las llamadas a ZRead sean bloqueadas debido a una desreferencia del puntero NULL • http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-44493
https://notcve.org/view.php?id=CVE-2021-44493
15 Apr 2022 — An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, an attacker can cause a call to $Extract to force an signed integer holding the size of a buffer to take on a large negative number, which is then used as the length of a memcpy call that occurs on the stack, causing a buffer overflow. Se ha detectado un problema en YottaDB versiones hasta r1.32 y V7.0-000 y FIS GT.M versiones hasta V7.0-000. Usando una entrada diseñada, un atacante puede hacer ... • http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-44492
https://notcve.org/view.php?id=CVE-2021-44492
15 Apr 2022 — An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, attackers can cause a type to be incorrectly initialized in the function f_incr in sr_port/f_incr.c and cause a crash due to a NULL pointer dereference. Se ha detectado un problema en YottaDB hasta r1.32 y V7.0-000 y FIS GT.M hasta V7.0-000. Usando una entrada diseñada, los atacantes pueden hacer que un tipo sea inicializado de forma incorrecta en la función f_incr en el archivo sr_port/f_incr.c... • http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-44491
https://notcve.org/view.php?id=CVE-2021-44491
15 Apr 2022 — An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can cause a calculation of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c to result in an extremely large value in order to cause a segmentation fault and crash the application. This is a digs-- calculation. Se ha detectado un problema en YottaDB versiones hasta r1.32 y V7.0-000. Usando una entrada diseñada, los atacantes pueden causar un cálculo del tamaño de las llamadas a memset en la función op_fnj... • https://gitlab.com/YottaDB/DB/YDB/-/issues/828 • CWE-682: Incorrect Calculation •