The SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c in unixODBC 2.3.5 has strncpy arguments in the wrong order, which allows attackers to cause a denial of service or possibly have unspecified other impact.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/103193 | Third Party Advisory VDB Entry |
https://access.redhat.com/errata/RHSA-2019:2336 | |
https://github.com/lurcher/unixODBC/commit/45ef78e037f578b15fc58938a3a3251655e71d6f#diff-d52750c7ba4e594410438569d8e2963aL24 | Patch |
Configurations
History
No history.
Information
Published : 2018-02-26 14:29
Updated : 2024-02-28 16:25
NVD link : CVE-2018-7485
Mitre link : CVE-2018-7485
CVE.ORG link : CVE-2018-7485
JSON object : View
Products Affected
unixodbc
- unixodbc
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer