An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). A lack of input validation in calls to eb_div in sr_port/eb_muldiv.c allows attackers to crash the application by performing a divide by zero.
Weakness
The product divides a value by zero.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Gt.m | Fisglobal | * | 7.0-000 (including) |
| Fis-gtm | Ubuntu | bionic | * |
| Fis-gtm | Ubuntu | esm-apps/bionic | * |
| Fis-gtm | Ubuntu | esm-apps/focal | * |
| Fis-gtm | Ubuntu | esm-apps/jammy | * |
| Fis-gtm | Ubuntu | esm-apps/xenial | * |
| Fis-gtm | Ubuntu | focal | * |
| Fis-gtm | Ubuntu | impish | * |
| Fis-gtm | Ubuntu | jammy | * |
| Fis-gtm | Ubuntu | kinetic | * |
| Fis-gtm | Ubuntu | lunar | * |
| Fis-gtm | Ubuntu | mantic | * |
| Fis-gtm | Ubuntu | upstream | * |
References
- http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
- https://gitlab.com/YottaDB/DB/YDB/-/issues/828
- https://sourceforge.net/projects/fis-gtm/files/
- http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
- https://gitlab.com/YottaDB/DB/YDB/-/issues/828
- https://sourceforge.net/projects/fis-gtm/files/