{"id":"CVE-2021-44493","details":"An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, an attacker can cause a call to $Extract to force an signed integer holding the size of a buffer to take on a large negative number, which is then used as the length of a memcpy call that occurs on the stack, causing a buffer overflow.","modified":"2026-05-20T12:00:46.489875188Z","published":"2022-04-15T18:15:08.840Z","database_specific":{},"references":[{"type":"ADVISORY","url":"http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html"},{"type":"ADVISORY","url":"https://sourceforge.net/projects/fis-gtm/files/"},{"type":"FIX","url":"https://gitlab.com/YottaDB/DB/YDB/-/issues/828"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.com/yottadb/db/ydb","events":[{"introduced":"0"},{"last_affected":"451ab4772089182d502d1758a83cb793c2913b63"},{"last_affected":"3aec5570c0594d3ff99b59045d9c45acb5221b24"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"7.0-000"},{"last_affected":"1.32"}],"cpe":["cpe:2.3:a:fisglobal:gt.m:*:*:*:*:*:*:*:*","cpe:2.3:a:yottadb:yottadb:*:*:*:*:*:*:*:*"],"source":"CPE_FIELD"}}],"versions":["V7.0-000","r1.32","V6.3-014","V6.3-013","r1.30","V6.3-012","V6.3-011","V6.3-010","V6.3-009","r1.28","V6.3-008","r1.26","V6.3-007","Octo_alpha1","V6.3-006","V6.3-005","r1.24","V6.3-004","r1.22","V6.3-003A","r1.20","V6.3-003","V6.3-002","r1.10","V6.3-001A","r1.00","V6.3-001","V6.3-000A","V6.3-000","V6.2-002A","V6.2-002","V6.2-001","V6.2-000","V6.1-000","V6.0-003","V6.0-002","V6.0-001","V6.0-000x64","V6.0-000x86","V5.5-000","V5.4-002B","V5.4-002A","V5.4-002","V5.4-001","V5.4-000A","V5.4-000","V5.3-004A","V5.3-004","V5.3-003","V5.3-002","V5.3-001A","V5.3-001","V5.3-000","V5.2-001","V5.2-000B","V5.2-000A","V5.2-000","V5.1-000","V5.0-000D","V5.0-000C","V5.0-000","V4.4-004","V4.4-003","V4.4-FT01","V4.4-002","V4.3-001E","V4.3-001D","V4.3-001B","V4.3-001A","V4.3-000","V4.2-002"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-44493.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}