Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2018-7485

Published: 26/02/2018 Updated: 06/08/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Unixodbc

Vulnerability Summary

The SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c in unixODBC 2.3.5 has strncpy arguments in the wrong order, which allows malicious users to cause a denial of service or possibly have unspecified other impact.

Vulnerable Product Search on Vulmon Subscribe to Product

unixodbc unixodbc 2.3.5

Vendor Advisories

Red Hat: Moderate: unixODBC security update
Synopsis Moderate: unixODBC security update Type/Severity Security Advisory: Moderate Topic An update for unixODBC is now available for Red Hat Enterprise Linux 76 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring ...
Red Hat: Moderate: unixODBC security update
Synopsis Moderate: unixODBC security update Type/Severity Security Advisory: Moderate Topic An update for unixODBC is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, ...
Amazon Linux 2: ALAS2-2019-1354
A buffer overflow flaw was found in the unicode_to_ansi_copy() function of unixODBC This overflow is not directly controllable by an attacker making the maximum potential impact a crash or denial of service(CVE-2018-7409) An argument order confusion flaw was found in the SQLWriteFileDSN API of unixODBC This could only be exploited via a maliciou ...
Red Hat: CVE-2018-7485
An argument order confusion flaw was found in the SQLWriteFileDSN API of unixODBC This could only be exploited via a malicious ODBC database connector package with the maximum impact being a denial of service ...

References

CWE-119https://github.com/lurcher/unixODBC/commit/45ef78e037f578b15fc58938a3a3251655e71d6f#diff-d52750c7ba4e594410438569d8e2963aL24http://www.securityfocus.com/bid/103193https://access.redhat.com/errata/RHSA-2019:2336https://access.redhat.com/errata/RHSA-2020:4999https://nvd.nist.govhttps://alas.aws.amazon.com/AL2/ALAS-2019-1354.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook