Описание
An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can cause a calculation of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c to result in an extremely large value in order to cause a segmentation fault and crash the application. This is a "- (digs < 1 ? 1 : digs)" subtraction.
Ссылки
- ExploitIssue TrackingThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 7.0-000 (включая)Версия до 1.32 (включая)
Одно из
cpe:2.3:a:fisglobal:gt.m:*:*:*:*:*:*:*:*
cpe:2.3:a:yottadb:yottadb:*:*:*:*:*:*:*:*
EPSS
Процентиль: 51%
0.0028
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-682
Связанные уязвимости
CVSS3: 7.5
github
почти 4 года назад
An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can cause a calculation of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c to result in an extremely large value in order to cause a segmentation fault and crash the application. This is a "- (digs < 1 ? 1 : digs)" subtraction.
EPSS
Процентиль: 51%
0.0028
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-682