CVE-2012-2658Improper Restriction of Operations within the Bounds of a Memory Buffer in Unixodbc

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents6 sources
Severity
2.1LOWNVD
EPSS
0.1%
top 79.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
UnixodbcDebian Unixodbc
Timeline
PublishedAug 31
Latest updateMay 17

Description

Buffer overflow in the SQLDriverConnect function in unixODBC 2.3.1 allows local users to cause a denial of service (crash) via a long string in the DRIVER option. NOTE: this issue might not be a vulnerability, since the ability to set this option typically implies that the attacker already has legitimate access to cause a DoS or execute code, and therefore the issue would not cross privilege boundaries. There may be limited attack scenarios if isql command-line options are exposed to an attacker

CVSS vector

AV:L/AC:L/C:N/I:N/A:PExploitability: 3.9 | Impact: 2.9

Affected Packages3 packages

debiandebian/unixodbc< unixodbc 2.3.6-0.1 (bookworm)
Debianunixodbc/unixodbc< 2.3.6-0.1+3

🔴Vulnerability Details

2
GHSA
GHSA-8mx7-qh9r-7vj7: ** DISPUTED ** Buffer overflow in the SQLDriverConnect function in unixODBC 22022-05-17
OSV
CVE-2012-2658: Buffer overflow in the SQLDriverConnect function in unixODBC 22012-08-31

📋Vendor Advisories

2
Red Hat
unixodbc: buffer overflow due to improper checking of DRIVER= input2012-05-29
Debian
CVE-2012-2658: unixodbc - Buffer overflow in the SQLDriverConnect function in unixODBC 2.3.1 allows local ...2012

💬Community

1
Bugzilla
CVE-2012-2658 unixodbc: buffer overflow due to improper checking of DRIVER= input2012-05-29
CVE-2012-2658 — Debian Unixodbc vulnerability | cvebase