#VU11274 Buffer overflow in unixODBC - CVE-2018-7409
Published: March 26, 2018
Vulnerability identifier: #VU11274
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2018-7409
CWE-ID: CWE-120
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
unixODBC
unixODBC
Software vendor:
unixODBC
unixODBC
Description
The vulnerability allows a remote unauthenticated attacker to cause DoS condition or execute arbitrary code on the target system.
The weakness exists in the unicode_to_ansi_copy() function due to buffer overflow. A remote attacker can send specially crafted input, cause the service to crash or execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
The weakness exists in the unicode_to_ansi_copy() function due to buffer overflow. A remote attacker can send specially crafted input, cause the service to crash or execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Update to version 2.3.5.