CVE-2024-1013 — Use of Out-of-range Pointer Offset in Unixodbc

CWE-823 — Use of Out-of-range Pointer Offset8 documents7 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 78.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unixodbc Debian Unixodbc Msrc Azl3 Unixodbc 2.3.12-2 ON Azure Linux 3.0 +1 more

Timeline

PublishedMar 18

Latest updateJun 5

Description

An out-of-bounds stack write flaw was found in unixODBC on 64-bit architectures where the caller has 4 bytes and callee writes 8 bytes. This issue may go unnoticed on little-endian architectures, while big-endian architectures can be broken.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶debiandebian/unixodbc< unixodbc 2.3.14-1 (forky)

▶Debianunixodbc/unixodbc< 2.3.14-1

▶msrcmsrc/cbl2_unixodbc_2.3.9-3_on_cbl_mariner_2.0

▶msrcmsrc/azl3_unixodbc_2.3.12-2_on_azure_linux_3.0

🔴Vulnerability Details

OSV

CVE-2024-1013: An out-of-bounds stack write flaw was found in unixODBC on 64-bit architectures where the caller has 4 bytes and callee writes 8 bytes↗2024-03-18

▶

GHSA

GHSA-x6h9-cx79-jjjv: An out-of-bounds stack write flaw was found in unixODBC on 64-bit architectures where the caller has 4 bytes and callee writes 8 bytes↗2024-03-18

▶

📋Vendor Advisories

Ubuntu

unixODBC vulnerability↗2024-06-05

▶

Ubuntu

unixODBC vulnerability↗2024-03-27

▶

Red Hat

unixODBC: out of bounds stack write due to pointer-to-integer types conversion↗2024-03-18

▶

Microsoft

Unixodbc: out of bounds stack write due to pointer-to-integer types conversion↗2024-03-12

▶

Debian

CVE-2024-1013: unixodbc - An out-of-bounds stack write flaw was found in unixODBC on 64-bit architectures ...↗2024

▶