CVE-2021-44504

An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause a size variable, stored as an signed int, to equal an extremely large value, which is interpreted as a negative value during a check. This value is then used in a memcpy call on the stack, causing a memory segmentation fault.

An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause a size variable, stored as an signed int, to equal an extremely large value, which is interpreted as a negative value during a check. This value is then used in a memcpy call on the stack, causing a memory segmentation fault.

Se ha detectado un problema en FIS GT.M versiones hasta V7.0-000 (relacionado con la base de código YottaDB). Usando una entrada diseñada, un atacante puede causar que una variable de tamaño, almacenada como un int con signo, sea igual a un valor extremadamente grande, que es interpretado como un valor negativo durante una comprobación. Este valor es usado entonces en una llamada a memcpy en la pila, causando un fallo de segmentación de memoria