Описание
An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can control the size and input to calls to memcpy in op_fnfnumber in sr_port/op_fnfnumber.c in order to corrupt memory or crash the application.
Ссылки
- ExploitIssue TrackingThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 7.0-000 (включая)Версия до 1.32 (включая)
Одно из
cpe:2.3:a:fisglobal:gt.m:*:*:*:*:*:*:*:*
cpe:2.3:a:yottadb:yottadb:*:*:*:*:*:*:*:*
EPSS
Процентиль: 51%
0.0028
Низкий
9.1 Critical
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-787
Связанные уязвимости
CVSS3: 9.1
github
почти 4 года назад
An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can control the size and input to calls to memcpy in op_fnfnumber in sr_port/op_fnfnumber.c in order to corrupt memory or crash the application.
EPSS
Процентиль: 51%
0.0028
Низкий
9.1 Critical
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-787