CVE-2012-2658

Name of the Vulnerable Software and Affected Versions unixODBC version 2.3.1

Description The issue is related to a buffer overflow in the SQLDriverConnect function, which can be triggered by a long string in the DRIVER option. This can cause a denial of service (crash). The ability to set this option typically implies that the attacker already has legitimate access to cause a DoS or execute code, and therefore the issue might not cross privilege boundaries. There may be limited attack scenarios if isql command-line options are exposed to an attacker.

Recommendations For unixODBC version 2.3.1, consider restricting access to the SQLDriverConnect function to minimize the risk of exploitation. As a temporary workaround, avoid using long strings in the DRIVER option until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.