Unixodbc · Unixodbc · CVE-2012-2657
**Name of the Vulnerable Software and Affected Versions**
unixODBC versions 2.0.10, 2.3.1, and earlier
**Description**
A buffer overflow in the `SQLDriverConnect` function of unixODBC can be triggered by a long string in the `FILEDSN` option, potentially allowing local users to cause a denial of service (crash). Note that this issue might not be a vulnerability: the ability to set this option typically implies that the attacker already has legitimate access to cause a DoS or execute code, so the issue would not cross privilege boundaries. Limited attack scenarios may exist if isql command-line options are exposed to an attacker.
**Recommendations**
For unixODBC versions 2.0.10, 2.3.1, and earlier, consider restricting access to the `FILEDSN` option to minimize the risk of exploitation. As a temporary workaround, consider disabling the `SQLDriverConnect` function until a patch is available. Avoid passing long strings in the `FILEDSN` option, since these are what trigger the crash. At the moment there is no information about a newer version that contains a fix for this vulnerability.
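One practical way to apply the "avoid long strings in `FILEDSN`" recommendation is to validate the connection string in the calling application before it ever reaches `SQLDriverConnect`. The following is an added example written for this page, not code from unixODBC or from the CVE record: it walks the `KEY=VALUE;` pairs of a connection string and rejects any `FILEDSN` value longer than a fixed budget. The budget `FILEDSN_MAX`, the helper names `check_filedsn_length` and `check_constructed_filedsn`, and the sample connection strings are all assumptions made for the example; the parser deliberately does not handle brace-quoted values (`{...}`), so keys and values are taken up to the next `;`.

```c
/* Added example (not part of the CVE record or of unixODBC itself):
 * pre-validate a SQLDriverConnect connection string so that an over-long
 * FILEDSN value is refused before the driver manager sees it.
 * FILEDSN_MAX is an assumed budget chosen for this demo, not a unixODBC limit. */
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FILEDSN_MAX 255   /* assumed maximum length for a FILEDSN path */

enum dsn_check { DSN_OK = 0, DSN_TOO_LONG = 1, DSN_MALFORMED = 2 };

/* Case-insensitive comparison of a key of length n against a literal. */
static int key_is(const char *key, size_t n, const char *lit) {
    if (strlen(lit) != n) return 0;
    for (size_t i = 0; i < n; i++) {
        if (toupper((unsigned char)key[i]) != toupper((unsigned char)lit[i]))
            return 0;
    }
    return 1;
}

/* Walk "KEY=VALUE;KEY=VALUE" pairs (brace-quoted values are not handled)
 * and report whether any FILEDSN value exceeds FILEDSN_MAX bytes.
 * A pair without '=' is reported as malformed rather than silently skipped. */
int check_filedsn_length(const char *conn_str) {
    const char *p = conn_str;
    while (*p) {
        const char *eq = strchr(p, '=');
        if (!eq) return DSN_MALFORMED;
        const char *end = strchr(eq, ';');
        size_t vlen = end ? (size_t)(end - eq - 1) : strlen(eq + 1);
        if (key_is(p, (size_t)(eq - p), "FILEDSN") && vlen > FILEDSN_MAX)
            return DSN_TOO_LONG;
        if (!end) break;
        p = end + 1;
    }
    return DSN_OK;
}

/* Constructed sample input: a FILEDSN value made of path_len 'A' characters,
 * wrapped into a small connection string. Returns the check result, or -1 if
 * the requested length does not fit the demo buffer. */
int check_constructed_filedsn(size_t path_len) {
    char buf[1024];
    const char *prefix = "FILEDSN=";
    const char *suffix = ";UID=u";
    size_t plen = strlen(prefix);
    if (path_len > sizeof buf - plen - strlen(suffix) - 1) return -1;
    memcpy(buf, prefix, plen);
    memset(buf + plen, 'A', path_len);
    strcpy(buf + plen + path_len, suffix);
    return check_filedsn_length(buf);
}

int main(void) {
    /* Constructed connection strings for the demonstration. */
    const char *ok = "DSN=test;UID=user;PWD=secret";
    const char *with_file = "FILEDSN=/tmp/example.dsn;UID=user";
    printf("%s -> %d\n", ok, check_filedsn_length(ok));
    printf("%s -> %d\n", with_file, check_filedsn_length(with_file));
    printf("FILEDSN of 255 bytes -> %d\n", check_constructed_filedsn(255));
    printf("FILEDSN of 900 bytes -> %d\n", check_constructed_filedsn(900));
    return 0;
}
```

Wire `check_filedsn_length` in front of every `SQLDriverConnect` call (or in front of the point where user-supplied isql options are turned into a connection string) and refuse the connection on anything other than `DSN_OK`; the budget should be set to whatever path length the deployment actually needs, since the point is to bound attacker-controlled input, not to guess the overflowed buffer's size.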