Nixpkgs security tracker
Untriaged
Permalink
CVE-2024-1013
7.1 HIGH
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): NONE
- Availability impact (A): HIGH
Unixodbc: out of bounds stack write due to pointer-to-integer types conversion
An out-of-bounds stack write flaw was found in unixODBC on 64-bit architectures where the caller has 4 bytes and callee writes 8 bytes. This issue may go unnoticed on little-endian architectures, while big-endian architectures can be broken.
References
-
-
-
-
-
https://github.com/lurcher/unixODBC/pull/157 x_transferred
-
-
-
-
-
-
-
-
-
https://github.com/lurcher/unixODBC/pull/157 x_transferred
-
-
-
-
-
https://github.com/lurcher/unixODBC/pull/157 x_transferred
-
-
-
-
-
https://github.com/lurcher/unixODBC/pull/157 x_transferred
-
-
-
-
-
https://github.com/lurcher/unixODBC/pull/157 x_transferred
-
-
-
-
-
https://github.com/lurcher/unixODBC/pull/157 x_transferred
-
-
-
-
-
https://github.com/lurcher/unixODBC/pull/157 x_transferred
-
-
-
-
-
https://github.com/lurcher/unixODBC/pull/157 x_transferred
-
-
-
-
-
https://github.com/lurcher/unixODBC/pull/157 x_transferred
-
-
-
-
-
https://github.com/lurcher/unixODBC/pull/157 x_transferred
-
-
-
-
-
https://github.com/lurcher/unixODBC/pull/157 x_transferred
Affected products
unixODBC
compat-unixODBC234