Debian Unixodbc vulnerabilities

6 known vulnerabilities affecting debian/unixodbc.

Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, LOW 5

Vulnerabilities

CVE-2024-1013 | LOW | CVSS 7.8 | fixed in unixodbc 2.3.14-1 (forky) | 2024
CVE-2024-1013 [HIGH]: unixodbc - An out-of-bounds stack write flaw was found in unixODBC on 64-bit architectures where the caller has 4 bytes and callee writes 8 bytes. This issue may go unnoticed on little-endian architectures, while big-endian architectures can be broken.
Scope: local. bookworm: open; bullseye: open; forky: resolved (fixed in 2.3.14-1); sid: resolved (fixed in 2.3.14-1); trixie: open
debian
CVE-2018-7409 | CRITICAL | CVSS 9.8 | fixed in unixodbc 2.3.6-0.1 (bookworm) | 2018
CVE-2018-7409 [CRITICAL]: unixodbc - In unixODBC before 2.3.5, there is a buffer overflow in the unicode_to_ansi_copy() function in DriverManager/__info.c.
Scope: local. bookworm: resolved (fixed in 2.3.6-0.1); bullseye: resolved (fixed in 2.3.6-0.1); forky: resolved (fixed in 2.3.6-0.1); sid: resolved (fixed in 2.3.6-0.1); trixie: resolved (fixed in 2.3.6-0.1)
debian
CVE-2018-7485 | LOW | CVSS 9.8 | 2018
CVE-2018-7485 [CRITICAL]: unixodbc - The SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c in unixODBC 2.3.5 has strncpy arguments in the wrong order, which allows attackers to cause a denial of service or possibly have unspecified other impact.
Scope: local. bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2012-2658 | LOW | CVSS 2.1 | fixed in unixodbc 2.3.6-0.1 (bookworm) | 2012
CVE-2012-2658 [LOW]: unixodbc - Buffer overflow in the SQLDriverConnect function in unixODBC 2.3.1 allows local users to cause a denial of service (crash) via a long string in the DRIVER option. NOTE: this issue might not be a vulnerability, since the ability to set this option typically implies that the attacker already has legitimate access to cause a DoS or execute code, and therefore the issue w
debian
CVE-2012-2657 | LOW | CVSS 2.1 | fixed in unixodbc 2.3.6-0.1 (bookworm) | 2012
CVE-2012-2657 [LOW]: unixodbc - Buffer overflow in the SQLDriverConnect function in unixODBC 2.0.10, 2.3.1, and earlier allows local users to cause a denial of service (crash) via a long string in the FILEDSN option. NOTE: this issue might not be a vulnerability, since the ability to set this option typically implies that the attacker already has legitimate access to cause a DoS or execute code, and
debian
CVE-2011-1145 | LOW | CVSS 7.8 | fixed in unixodbc 2.2.14p2-3 (bookworm) | 2011
CVE-2011-1145 [HIGH]: unixodbc - The SQLDriverConnect() function in unixODBC before 2.2.14p2 has a possible buffer overflow condition when specifying a large value for the SAVEFILE parameter in the connection string.
Scope: local. bookworm: resolved (fixed in 2.2.14p2-3); bullseye: resolved (fixed in 2.2.14p2-3); forky: resolved (fixed in 2.2.14p2-3); sid: resolved (fixed in 2.2.14p2-3); trixie: resolved (f
debian