← Back

CVE-2011-1145

nvd nist
Published: Nov 14, 2019Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string.

Affected (9)

Products: Unixodbc: Unixodbc · Debian: Debian Linux · Opensuse: Opensuse · +1 more
Show all products
Unixodbc: Unixodbc · Debian: Debian Linux · Opensuse: Opensuse · Redhat: Enterprise Linux
Unixodbc
1 product
Unixodbc
Debian
1 product
Debian Linux
Opensuse
1 product
Opensuse
Redhat
1 product
Enterprise Linux
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Unixodbc
Up to 2.2.14
Configuration B
3 vulnerable
Vulnerable SoftwareAffected Versions
Debian
Debian Linux
Version 10.0
Debian Linux
Version 8.0
Debian Linux
Version 9.0
Configuration C
2 vulnerable
Vulnerable SoftwareAffected Versions
Opensuse
Opensuse
Version 11.3
Opensuse
Version 11.4
Configuration D
3 vulnerable
Vulnerable SoftwareAffected Versions
Redhat
Enterprise Linux
Version 4.0
Enterprise Linux
Version 5.0
Enterprise Linux
Version 6.0

Related CWEs

CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (8)

Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Issue TrackingThird Party Advisory
Source: secalert@redhat.com
Issue TrackingThird Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.