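This page aggregates CVEs and security vulnerability information across yottadb-related products, listing CVSS, EPSS, publication date, and vulnerability data.
Published issues are often related to memory corruption, input validation, and buffer overflows, and in the context of software deployments and production workloads they can carry exposure risks such as memory corruption and application crashes.
The data listed is based on public vulnerability information and security advisories and can be used to assess past exposure and remediation priority.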
| CVE | Summary | Source | Max CVSS | EPSS (%) | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2021-44506 | An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). A lack of input validation in calls to do_verify in sr_unix/do_verify.c allows attackers to attempt to jump to a NULL pointer by corrupting a function pointer. | [email protected] | 7.5 | 0.16% | 2022-04-15 | 2024-11-21 |
| CVE-2021-44505 | An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause a NULL pointer dereference after calls to ZPrint. | [email protected] | 7.5 | 0.37% | 2022-04-15 | 2024-11-21 |
| CVE-2021-44495 | An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, an attacker can cause a NULL pointer dereference after calls to ZPrint. | [email protected] | 7.5 | 0.37% | 2022-04-15 | 2024-11-21 |
| CVE-2021-44494 | An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, an attacker can cause calls to ZRead to crash due to a NULL pointer dereference. | [email protected] | 7.5 | 0.37% | 2022-04-15 | 2024-11-21 |
| CVE-2021-44493 | An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, an attacker can cause a call to $Extract to force a signed integer holding the size of a buffer to take on a large negative number, which is then used as the length of a memcpy call that occurs on the stack, causing a buffer overflow. | [email protected] | 7.5 | 0.40% | 2022-04-15 | 2024-11-21 |
| CVE-2021-44492 | An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, attackers can cause a type to be incorrectly initialized in the function f_incr in sr_port/f_incr.c and cause a crash due to a NULL pointer dereference. | [email protected] | 7.5 | 0.12% | 2022-04-15 | 2024-11-21 |
| CVE-2021-44491 | An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can cause a calculation of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c to result in an extremely large value in order to cause a segmentation fault and crash the application. This is a digs-- calculation. | [email protected] | 7.5 | 0.27% | 2022-04-15 | 2024-11-21 |
| CVE-2021-44490 | An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can cause a calculation of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c to result in an extremely large value in order to cause a segmentation fault and crash the application. This is a "- (digs < 1 ? 1 : digs)" subtraction. | [email protected] | 7.5 | 0.27% | 2022-04-15 | 2024-11-21 |
| CVE-2021-44489 | An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can cause an integer underflow of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c in order to cause a segmentation fault and crash the application. This is a "- digs" subtraction. | [email protected] | 7.5 | 0.27% | 2022-04-15 | 2024-11-21 |
| CVE-2021-44488 | An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can control the size and input to calls to memcpy in op_fnfnumber in sr_port/op_fnfnumber.c in order to corrupt memory or crash the application. | [email protected] | 9.1 | 0.27% | 2022-04-15 | 2024-11-21 |
| CVE-2021-44487 | An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of NULL checks in calls to ious_open in sr_unix/ious_open.c allows attackers to crash the application by dereferencing a NULL pointer. | [email protected] | 7.5 | 0.32% | 2022-04-15 | 2024-11-21 |
| CVE-2021-44486 | An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can manipulate the value of a function pointer used in op_write in sr_port/op_write.c in order to gain control of the flow of execution. | [email protected] | 9.8 | 1.02% | 2022-04-15 | 2024-11-21 |
| CVE-2021-44485 | An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of NULL checks in trip_gen in sr_port/emit_code.c allows attackers to crash the application by dereferencing a NULL pointer. | [email protected] | 7.5 | 0.32% | 2022-04-15 | 2024-11-21 |
| CVE-2021-44484 | An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of NULL checks in calls to emit_trip in sr_port/emit_code.c allows attackers to crash the application by dereferencing a NULL pointer. | [email protected] | 7.5 | 0.32% | 2022-04-15 | 2024-11-21 |
| CVE-2021-44483 | An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of input validation in calls to eb_div in sr_port/eb_muldiv.c allows attackers to crash the application by performing a divide by zero. | [email protected] | 7.5 | 0.32% | 2022-04-15 | 2024-11-21 |
| CVE-2021-44482 | An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of input validation in calls to do_verify in sr_unix/do_verify.c allows attackers to attempt to jump to a NULL pointer by corrupting a function pointer. | [email protected] | 7.5 | 0.27% | 2022-04-15 | 2024-11-21 |
| CVE-2021-44481 | An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of parameter validation in calls to memcpy in check_and_set_timeout in sr_unix/ztimeoutroutines.c allows attackers to attempt to read from a NULL pointer. | [email protected] | 7.5 | 0.33% | 2022-04-15 | 2024-11-21 |
| CVE-2021-27377 | An issue was discovered in the yottadb crate before 1.2.0 for Rust. For some memory-allocation patterns, ydb_subscript_next_st and ydb_subscript_prev_st have a use-after-free. | [email protected] | 9.8 | 0.51% | 2021-02-18 | 2024-11-21 |