CVE-2011-1145 — Classic Buffer Overflow in Unixodbc

CWE-120 — Classic Buffer Overflow6 documents6 sources

Severity

7.8HIGHNVD

EPSS

0.2%

top 55.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unixodbc Debian Unixodbc Debian Linux +2 more

Timeline

PublishedNov 14

Latest updateApr 22

Description

The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

▶debiandebian/unixodbc< unixodbc 2.2.14p2-3 (bookworm)

▶Debianunixodbc/unixodbc< 2.2.14p2-3+3

▶NVDunixodbc/unixodbc2.2.14

▶CVEListV5unixodbc/unixodbcbefore 2.2.14p2

▶NVDopensuse/opensuse11.3, 11.4+1

Also affects: Debian Linux 10.0, 8.0, 9.0, Enterprise Linux 4.0, 5.0, 6.0

🔴Vulnerability Details

GHSA

GHSA-6299-8rx4-fxcv: The SQLDriverConnect() function in unixODBC before 2↗2022-04-22

▶

OSV

CVE-2011-1145: The SQLDriverConnect() function in unixODBC before 2↗2019-11-14

▶

📋Vendor Advisories

Red Hat

unixODBC: possible buffer overrun in SQLDriverConnect()↗2011-03-09

▶

Debian

CVE-2011-1145: unixodbc - The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buff...↗2011

▶

💬Community

Bugzilla

CVE-2011-1145 unixODBC: possible buffer overrun in SQLDriverConnect()↗2011-03-10

▶