Skip to main content

Incorrect Calculation

CVE-2021-44504

Severity High
Score 7.5/10

Summary

An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause a size variable, stored as an signed int, to equal an extremely large value, which is interpreted as a negative value during a check. This value is then used in a memcpy call on the stack, causing a memory segmentation fault.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • HIGH

CWE-682 - Incorrect Calculation

The software performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

References

Advisory Timeline

  • Published