CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2011-1145
https://notcve.org/view.php?id=CVE-2011-1145
14 Nov 2019 — The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string. La función SQLDriverConnect() en unixODBC versiones anterior a la versión 2.2.14p2, tiene una posible condición de desbordamiento del búfer cuando se especifica valor grande para el parámetro SAVEFILE en la cadena de conexión. • https://access.redhat.com/security/cve/cve-2011-1145 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7409 – unixODBC: Buffer overflow in unicode_to_ansi_copy() can lead to crash or other unspecified impact
https://notcve.org/view.php?id=CVE-2018-7409
22 Feb 2018 — In unixODBC before 2.3.5, there is a buffer overflow in the unicode_to_ansi_copy() function in DriverManager/__info.c. En unixODBC, en versiones anteriores a la 2.3.5, hay un desbordamiento de búfer en la función unicode_to_ansi_copy() en DriverManager/__info.c. A buffer overflow flaw was found in the unicode_to_ansi_copy() function of unixODBC. This overflow is not directly controllable by an attacker making the maximum potential impact a crash or denial of service. The unixODBC packages contain a framewor... • http://www.unixodbc.org/unixODBC-2.3.5.tar.gz • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2012-2658
https://notcve.org/view.php?id=CVE-2012-2658
31 Aug 2012 — Buffer overflow in the SQLDriverConnect function in unixODBC 2.3.1 allows local users to cause a denial of service (crash) via a long string in the DRIVER option. NOTE: this issue might not be a vulnerability, since the ability to set this option typically implies that the attacker already has legitimate access to cause a DoS or execute code, and therefore the issue would not cross privilege boundaries. There may be limited attack scenarios if isql command-line options are exposed to an attacker, although i... • http://www.openwall.com/lists/oss-security/2012/05/29/10 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2012-2657
https://notcve.org/view.php?id=CVE-2012-2657
31 Aug 2012 — Buffer overflow in the SQLDriverConnect function in unixODBC 2.0.10, 2.3.1, and earlier allows local users to cause a denial of service (crash) via a long string in the FILEDSN option. NOTE: this issue might not be a vulnerability, since the ability to set this option typically implies that the attacker already has legitimate access to cause a DoS or execute code, and therefore the issue would not cross privilege boundaries. There may be limited attack scenarios if isql command-line options are exposed to a... • http://www.openwall.com/lists/oss-security/2012/05/29/10 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •