CVE-2012-2657: Improper Restriction of Operations within the Bounds of a Memory Buffer in Unixodbc

Severity
2.1 LOW (NVD)
EPSS
0.1% (top 69.90%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Aug 31
Latest update: May 17

Description

Buffer overflow in the SQLDriverConnect function in unixODBC 2.0.10, 2.3.1, and earlier allows local users to cause a denial of service (crash) via a long string in the FILEDSN option. NOTE: this issue might not be a vulnerability, since the ability to set this option typically implies that the attacker already has legitimate access to cause a DoS or execute code, and therefore the issue would not cross privilege boundaries. There may be limited attack scenarios if isql command-line options are

CVSS vector

AV:L/AC:L/C:N/I:N/A:P
Exploitability: 3.9 | Impact: 2.9

Affected Packages (3 packages)

Source  | Package           | Version
debian  | debian/unixodbc   | < unixodbc 2.3.6-0.1 (bookworm)
Debian  | unixodbc/unixodbc | < 2.3.6-0.1+3
NVD     | unixodbc/unixodbc | 2.3.1+2

🔴 Vulnerability Details (2)

GHSA (2022-05-17)
GHSA-v3gw-vw4w-6f6j: ** DISPUTED ** Buffer overflow in the SQLDriverConnect function in unixODBC 2
OSV (2012-08-31)
CVE-2012-2657: Buffer overflow in the SQLDriverConnect function in unixODBC 2

📋 Vendor Advisories (2)

Red Hat (2012-05-29)
unixodbc: buffer overflow due to improper checking of FILESDN= input
Debian (2012)
CVE-2012-2657: unixodbc - Buffer overflow in the SQLDriverConnect function in unixODBC 2.0.10, 2.3.1, and ...

💬 Community (1)

Bugzilla (2012-05-29)
CVE-2012-2657 unixodbc: buffer overflow due to improper checking of FILESDN= input
CVE-2012-2657 — Debian Unixodbc vulnerability | cvebase