PT-2018-18097 · Unixodbc+3 · Unixodbc+3

Published

2018-02-26

Updated

2024-06-15

CVE-2018-7485

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions unixODBC version 2.3.5

Description The issue is related to the SQLWriteFileDSN function in unixODBC, where strncpy arguments are in the wrong order. This could allow attackers to cause a denial of service or have other unspecified impacts.

Recommendations For unixODBC version 2.3.5, consider updating to a newer version that addresses this issue, as the incorrect order of strncpy arguments in the SQLWriteFileDSN function poses a risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CESA-2019_2336

CVE-2018-7485

MGASA-2018-0379

OPENSUSE-SU-2018_1845-1

OPENSUSE-SU-2024:11483-1

RHSA-2019:2336

RHSA-2019_2336

RHSA-2020:4999

SUSE-SU-2018:1832-1

Affected Products

Centos

Red Hat

Suse

Unixodbc

PT-2018-18097 · Unixodbc+3 · Unixodbc+3

CVE-2018-7485

Weakness Enumeration

Related Identifiers

Affected Products

References · 19