CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-44506
https://notcve.org/view.php?id=CVE-2021-44506
15 Apr 2022 — An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). A lack of input validation in calls to do_verify in sr_unix/do_verify.c allows attackers to attempt to jump to a NULL pointer by corrupting a function pointer. Se ha detectado un problema en FIS GT.M versiones hasta V7.0-000 (relacionado con la base de código YottaDB). Una falta de comprobación de entrada en las llamadas a la función do_verify en el archivo sr_unix/do_verify.c permite a atacantes intentar saltar a un pu... • http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-44505
https://notcve.org/view.php?id=CVE-2021-44505
15 Apr 2022 — An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause a NULL pointer dereference after calls to ZPrint. Se ha detectado un problema en FIS GT.M versiones hasta V7.0-000 (relacionado con la base de código YottaDB). Usando una entrada diseñada, un atacante puede causar una desreferencia de puntero NULL después de las llamadas a ZPrint • http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-44495
https://notcve.org/view.php?id=CVE-2021-44495
15 Apr 2022 — An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, an attacker can cause a NULL pointer dereference after calls to ZPrint. Se ha detectado un problema en YottaDB versiones hasta r1.32 y V7.0-000 y FIS GT.M versiones hasta V7.0-000. Usando una entrada diseñada, un atacante puede causar una desreferencia de puntero NULL después de las llamadas a ZPrint • http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-44494
https://notcve.org/view.php?id=CVE-2021-44494
15 Apr 2022 — An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, an attacker can cause calls to ZRead to crash due to a NULL pointer dereference. Se ha detectado un problema en YottaDB versiones hasta r1.32 y V7.0-000 y FIS GT.M versiones hasta V7.0-000. Usando una entrada diseñada, un atacante puede causar que las llamadas a ZRead sean bloqueadas debido a una desreferencia del puntero NULL • http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-44493
https://notcve.org/view.php?id=CVE-2021-44493
15 Apr 2022 — An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, an attacker can cause a call to $Extract to force an signed integer holding the size of a buffer to take on a large negative number, which is then used as the length of a memcpy call that occurs on the stack, causing a buffer overflow. Se ha detectado un problema en YottaDB versiones hasta r1.32 y V7.0-000 y FIS GT.M versiones hasta V7.0-000. Usando una entrada diseñada, un atacante puede hacer ... • http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-44492
https://notcve.org/view.php?id=CVE-2021-44492
15 Apr 2022 — An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, attackers can cause a type to be incorrectly initialized in the function f_incr in sr_port/f_incr.c and cause a crash due to a NULL pointer dereference. Se ha detectado un problema en YottaDB hasta r1.32 y V7.0-000 y FIS GT.M hasta V7.0-000. Usando una entrada diseñada, los atacantes pueden hacer que un tipo sea inicializado de forma incorrecta en la función f_incr en el archivo sr_port/f_incr.c... • http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-44491
https://notcve.org/view.php?id=CVE-2021-44491
15 Apr 2022 — An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can cause a calculation of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c to result in an extremely large value in order to cause a segmentation fault and crash the application. This is a digs-- calculation. Se ha detectado un problema en YottaDB versiones hasta r1.32 y V7.0-000. Usando una entrada diseñada, los atacantes pueden causar un cálculo del tamaño de las llamadas a memset en la función op_fnj... • https://gitlab.com/YottaDB/DB/YDB/-/issues/828 • CWE-682: Incorrect Calculation •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-44490
https://notcve.org/view.php?id=CVE-2021-44490
15 Apr 2022 — An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can cause a calculation of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c to result in an extremely large value in order to cause a segmentation fault and crash the application. This is a "- (digs < 1 ? 1 : digs)" subtraction. Se ha detectado un problema en YottaDB versiones hasta r1.32 y V7.0-000. • https://gitlab.com/YottaDB/DB/YDB/-/issues/828 • CWE-682: Incorrect Calculation •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-44489
https://notcve.org/view.php?id=CVE-2021-44489
15 Apr 2022 — An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can cause an integer underflow of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c in order to cause a segmentation fault and crash the application. This is a "- digs" subtraction. Se ha detectado un problema en YottaDB versiones hasta r1.32 y V7.0-000. Usando una entrada diseñada, los atacantes pueden causar un desbordamiento de enteros del tamaño de las llamadas a memset en la función op_fnj3 en el arc... • https://gitlab.com/YottaDB/DB/YDB/-/issues/828 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 1CVE-2021-44488
https://notcve.org/view.php?id=CVE-2021-44488
15 Apr 2022 — An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can control the size and input to calls to memcpy in op_fnfnumber in sr_port/op_fnfnumber.c in order to corrupt memory or crash the application. Se ha detectado un problema en YottaDB versiones hasta r1.32 y V7.0-000. Usando una entrada diseñada, los atacantes pueden controlar el tamaño y la entrada de las llamadas a memcpy en la función op_fnfnumber en el archivo sr_port/op_fnfnumber.c para corromper la memoria o ... • https://gitlab.com/YottaDB/DB/YDB/-/issues/828 • CWE-787: Out-of-bounds Write •