CVE-2018-7485 – unixODBC: Insecure buffer copy in SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c

https://notcve.org/view.php?id=CVE-2018-7485

The SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c in unixODBC 2.3.5 has strncpy arguments in the wrong order, which allows attackers to cause a denial of service or possibly have unspecified other impact. La función SQLWriteFileDSN en odbcinst/SQLWriteFileDSN.c en unixODBC 2.3.5 tiene argumentos strncpy en el orden equivocado. Esto permite que atacantes provoquen una denegación de servicio (DoS) u otro tipo de impacto sin especificar. An argument order confusion flaw was found in the SQLWriteFileDSN API of unixODBC. This could only be exploited via a malicious ODBC database connector package with the maximum impact being a denial of service. • http://www.securityfocus.com/bid/103193 https://access.redhat.com/errata/RHSA-2019:2336 https://github.com/lurcher/unixODBC/commit/45ef78e037f578b15fc58938a3a3251655e71d6f#diff-d52750c7ba4e594410438569d8e2963aL24 https://access.redhat.com/security/cve/CVE-2018-7485 https://bugzilla.redhat.com/show_bug.cgi?id=1549636 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •