Buffer overflow in unixODBC - CVE-2018-7409
Published: March 26, 2018
Vulnerability identifier: #VU11274
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2018-7409
CWE-ID: CWE-120
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: unixODBC
Affected software:
unixODBC
unixODBC
Detailed vulnerability description
The vulnerability allows a remote unauthenticated attacker to cause DoS condition or execute arbitrary code on the target system.
The weakness exists in the unicode_to_ansi_copy() function due to buffer overflow. A remote attacker can send specially crafted input, cause the service to crash or execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
The weakness exists in the unicode_to_ansi_copy() function due to buffer overflow. A remote attacker can send specially crafted input, cause the service to crash or execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
How to mitigate CVE-2018-7409
Update to version 2.3.5.