An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, attackers can cause an integer underflow of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c in order to cause a segmentation fault and crash the application.
Weakness
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Gt.m | Fisglobal | * | 7.0-000 (including) |
| Fis-gtm | Ubuntu | bionic | * |
| Fis-gtm | Ubuntu | esm-apps/bionic | * |
| Fis-gtm | Ubuntu | esm-apps/focal | * |
| Fis-gtm | Ubuntu | esm-apps/jammy | * |
| Fis-gtm | Ubuntu | esm-apps/xenial | * |
| Fis-gtm | Ubuntu | focal | * |
| Fis-gtm | Ubuntu | impish | * |
| Fis-gtm | Ubuntu | jammy | * |
| Fis-gtm | Ubuntu | kinetic | * |
| Fis-gtm | Ubuntu | lunar | * |
| Fis-gtm | Ubuntu | mantic | * |
| Fis-gtm | Ubuntu | upstream | * |
References
- http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
- https://gitlab.com/YottaDB/DB/YDB/-/issues/828
- https://sourceforge.net/projects/fis-gtm/files/
- http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html
- https://gitlab.com/YottaDB/DB/YDB/-/issues/828
- https://sourceforge.net/projects/fis-gtm/files/