CVE-2018-7409
CRITICALunixODBC < 2.3.5 - Buffer Overflow in unicode_to_ansi_copy
Title source: llmDescription
In unixODBC before 2.3.5, there is a buffer overflow in the unicode_to_ansi_copy() function in DriverManager/__info.c.
References (3)
Core 3
Core References
Product x_refsource_misc
http://www.unixodbc.org/unixODBC-2.3.5.tar.gz
Release Notes x_refsource_misc
https://sourceforge.net/projects/unixodbc/files/unixODBC/2.3.5/ChangeLog/download
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:2336
Scores
CVSS v3
9.8
EPSS
0.0268
EPSS Percentile
83.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (1)
unixodbc/unixodbc
< 2.3.5
Published
Feb 22, 2018
Tracked Since
Feb 18, 2026