CVE-2018-7485
CRITICALunixODBC - Buffer Overflow via SQLWriteFileDSN Function
Title source: llmDescription
The SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c in unixODBC 2.3.5 has strncpy arguments in the wrong order, which allows attackers to cause a denial of service or possibly have unspecified other impact.
References (3)
Core 3
Core References
Patch x_refsource_misc
https://github.com/lurcher/unixODBC/commit/45ef78e037f578b15fc58938a3a3251655e71d6f#diff-d52750c7ba4e594410438569d8e2963aL24
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/103193
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:2336
Scores
CVSS v3
9.8
EPSS
0.0320
EPSS Percentile
86.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (1)
unixodbc/unixodbc
2.3.5
Published
Feb 26, 2018
Tracked Since
Feb 18, 2026