An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause a size variable, stored as an signed int, to equal an extremely large value, which is interpreted as a negative value during a check. This value is then used in a memcpy call on the stack, causing a memory segmentation fault.
Weakness
The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Gt.m | Fisglobal | * | 7.0-000 (including) |
| Fis-gtm | Ubuntu | bionic | * |
| Fis-gtm | Ubuntu | esm-apps/bionic | * |
| Fis-gtm | Ubuntu | esm-apps/focal | * |
| Fis-gtm | Ubuntu | esm-apps/jammy | * |
| Fis-gtm | Ubuntu | esm-apps/xenial | * |
| Fis-gtm | Ubuntu | focal | * |
| Fis-gtm | Ubuntu | impish | * |
| Fis-gtm | Ubuntu | jammy | * |
| Fis-gtm | Ubuntu | kinetic | * |
| Fis-gtm | Ubuntu | lunar | * |
| Fis-gtm | Ubuntu | mantic | * |
| Fis-gtm | Ubuntu | upstream | * |
Potential Mitigations
- Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.
- Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++).
- Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.
- Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++).
Related Attack Patterns
References
- http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
- https://gitlab.com/YottaDB/DB/YDB/-/issues/828
- https://sourceforge.net/projects/fis-gtm/files/
- http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
- https://gitlab.com/YottaDB/DB/YDB/-/issues/828
- https://sourceforge.net/projects/fis-gtm/files/