All errata/sisyphus/ALT-PU-2013-1267-1
ALT-PU-2013-1267-1

Package update unixODBC in branch sisyphus

Version2.3.2-alt1
Task#110255
Published2013-12-10
Max severityLOW
Severity:

Closed issues (4)

BDU:2021-01400
LOW3.8

Уязвимость функции SQLDriverConnect библиотеки ODBC для UNIX UnixODBC, связанная с выходом операции за допустимые границы буфера данных, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2021-03-21Modified: 2021-03-23
CVSS 3.xLOW 3.8
CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
CVSS 2.0LOW 1.7
CVSS:2.0/AV:L/AC:L/Au:S/C:N/I:N/A:P
References
BDU:2021-01401
LOW3.8

Уязвимость функции SQLDriverConnect библиотеки ODBC для UNIX UnixODBC, связанная с выходом операции за допустимые границы буфера данных, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2021-03-21Modified: 2021-03-23
CVSS 3.xLOW 3.8
CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
CVSS 2.0LOW 1.7
CVSS:2.0/AV:L/AC:L/Au:S/C:N/I:N/A:P
References
CVE-2012-2657
LOW2.1

Buffer overflow in the SQLDriverConnect function in unixODBC 2.0.10, 2.3.1, and earlier allows local users to cause a denial of service (crash) via a long string in the FILEDSN option. NOTE: this issue might not be a vulnerability, since the ability to set this option typically implies that the attacker already has legitimate access to cause a DoS or execute code, and therefore the issue would not cross privilege boundaries. There may be limited attack scenarios if isql command-line options are exposed to an attacker, although it seems likely that other, more serious issues would also be exposed, and this issue might not cross privilege boundaries in that context.

Published: 2012-08-31Modified: 2026-04-29
CVSS 2.0LOW 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:P
References
CVE-2012-2658
LOW2.1

Buffer overflow in the SQLDriverConnect function in unixODBC 2.3.1 allows local users to cause a denial of service (crash) via a long string in the DRIVER option. NOTE: this issue might not be a vulnerability, since the ability to set this option typically implies that the attacker already has legitimate access to cause a DoS or execute code, and therefore the issue would not cross privilege boundaries. There may be limited attack scenarios if isql command-line options are exposed to an attacker, although it seems likely that other, more serious issues would also be exposed, and this issue might not cross privilege boundaries in that context.

Published: 2012-08-31Modified: 2026-04-29
CVSS 2.0LOW 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:P
References

Closed bugs (1)

Bug #29638

Не конфликтует с libunixODBC