Nixpkgs Security Tracker

Permalink CVE-2011-1145

created 1 month ago

The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible …

The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string.

References

https://security-tracker.debian.org/tracker/CVE-2011-1145 x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1145 x_refsource_MISC
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2011-1145 x_refsource_MISC
https://access.redhat.com/security/cve/cve-2011-1145 x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1145 x_transferred x_refsource_MISC
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2011-1145 x_transferred x_refsource_MISC
https://access.redhat.com/security/cve/cve-2011-1145 x_transferred x_refsource_MISC
https://security-tracker.debian.org/tracker/CVE-2011-1145 x_transferred x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1145 x_refsource_MISC
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2011-1145 x_refsource_MISC
https://access.redhat.com/security/cve/cve-2011-1145 x_refsource_MISC
https://security-tracker.debian.org/tracker/CVE-2011-1145 x_refsource_MISC
https://security-tracker.debian.org/tracker/CVE-2011-1145 x_transferred x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1145 x_transferred x_refsource_MISC
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2011-1145 x_transferred x_refsource_MISC
https://access.redhat.com/security/cve/cve-2011-1145 x_transferred x_refsource_MISC

Affected products

unixodbc

==before 2.2.14p2

Matching in nixpkgs

pkgs.unixODBC

ODBC driver manager for Unix

nixos-unstable 2.3.12
- nixpkgs-unstable 2.3.12
- nixos-unstable-small 2.3.12
nixos-25.11 2.3.12
- nixos-25.11-small 2.3.12
- nixpkgs-25.11-darwin 2.3.12

pkgs.tests.pkg-config.defaultPkgConfigPackages.odbc

Test whether unixODBC-2.3.12 exposes pkg-config modules odbc

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

Permalink CVE-2024-1013

7.1 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): HIGH

created 6 months ago

Unixodbc: out of bounds stack write due to pointer-to-integer types conversion

An out-of-bounds stack write flaw was found in unixODBC on 64-bit architectures where the caller has 4 bytes and callee writes 8 bytes. This issue may go unnoticed on little-endian architectures, while big-endian architectures can be broken.

References

https://access.redhat.com/security/cve/CVE-2024-1013 x_refsource_REDHAT vdb-entry
RHBZ#2260823 issue-tracking x_refsource_REDHAT
https://github.com/lurcher/unixODBC/pull/157
https://access.redhat.com/security/cve/CVE-2024-1013 x_refsource_REDHAT vdb-entry
RHBZ#2260823 issue-tracking x_refsource_REDHAT
https://github.com/lurcher/unixODBC/pull/157
https://access.redhat.com/security/cve/CVE-2024-1013 x_refsource_REDHAT vdb-entry
RHBZ#2260823 issue-tracking x_refsource_REDHAT
https://github.com/lurcher/unixODBC/pull/157
https://github.com/lurcher/unixODBC/pull/157 x_transferred
https://access.redhat.com/security/cve/CVE-2024-1013 x_transferred x_refsource_REDHAT vdb-entry
RHBZ#2260823 issue-tracking x_refsource_REDHAT x_transferred
RHBZ#2260823 issue-tracking x_refsource_REDHAT
https://github.com/lurcher/unixODBC/pull/157
https://access.redhat.com/security/cve/CVE-2024-1013 x_refsource_REDHAT vdb-entry
https://access.redhat.com/security/cve/CVE-2024-1013 x_transferred x_refsource_REDHAT vdb-entry
RHBZ#2260823 issue-tracking x_refsource_REDHAT x_transferred
https://github.com/lurcher/unixODBC/pull/157 x_transferred
https://access.redhat.com/security/cve/CVE-2024-1013 x_refsource_REDHAT vdb-entry
RHBZ#2260823 issue-tracking x_refsource_REDHAT
https://github.com/lurcher/unixODBC/pull/157
https://access.redhat.com/security/cve/CVE-2024-1013 x_transferred x_refsource_REDHAT vdb-entry
RHBZ#2260823 issue-tracking x_refsource_REDHAT x_transferred
https://github.com/lurcher/unixODBC/pull/157 x_transferred
https://access.redhat.com/security/cve/CVE-2024-1013 x_refsource_REDHAT vdb-entry
RHBZ#2260823 issue-tracking x_refsource_REDHAT
https://github.com/lurcher/unixODBC/pull/157
https://access.redhat.com/security/cve/CVE-2024-1013 x_transferred x_refsource_REDHAT vdb-entry
RHBZ#2260823 issue-tracking x_refsource_REDHAT x_transferred
https://github.com/lurcher/unixODBC/pull/157 x_transferred
https://access.redhat.com/security/cve/CVE-2024-1013 x_refsource_REDHAT vdb-entry
RHBZ#2260823 issue-tracking x_refsource_REDHAT
https://github.com/lurcher/unixODBC/pull/157
RHBZ#2260823 issue-tracking x_refsource_REDHAT x_transferred
https://github.com/lurcher/unixODBC/pull/157 x_transferred
https://access.redhat.com/security/cve/CVE-2024-1013 x_transferred x_refsource_REDHAT vdb-entry
https://access.redhat.com/security/cve/CVE-2024-1013 x_refsource_REDHAT vdb-entry
RHBZ#2260823 issue-tracking x_refsource_REDHAT
https://github.com/lurcher/unixODBC/pull/157
https://access.redhat.com/security/cve/CVE-2024-1013 x_transferred x_refsource_REDHAT vdb-entry
RHBZ#2260823 issue-tracking x_refsource_REDHAT x_transferred
https://github.com/lurcher/unixODBC/pull/157 x_transferred
https://access.redhat.com/security/cve/CVE-2024-1013 x_refsource_REDHAT vdb-entry
RHBZ#2260823 issue-tracking x_refsource_REDHAT
https://github.com/lurcher/unixODBC/pull/157
https://access.redhat.com/security/cve/CVE-2024-1013 x_transferred x_refsource_REDHAT vdb-entry
RHBZ#2260823 issue-tracking x_refsource_REDHAT x_transferred
https://github.com/lurcher/unixODBC/pull/157 x_transferred
https://access.redhat.com/security/cve/CVE-2024-1013 x_refsource_REDHAT vdb-entry
RHBZ#2260823 issue-tracking x_refsource_REDHAT
https://github.com/lurcher/unixODBC/pull/157
https://github.com/lurcher/unixODBC/pull/157 x_transferred
https://access.redhat.com/security/cve/CVE-2024-1013 x_transferred x_refsource_REDHAT vdb-entry
RHBZ#2260823 issue-tracking x_refsource_REDHAT x_transferred
https://access.redhat.com/security/cve/CVE-2024-1013 x_refsource_REDHAT vdb-entry
RHBZ#2260823 issue-tracking x_refsource_REDHAT
https://github.com/lurcher/unixODBC/pull/157
https://access.redhat.com/security/cve/CVE-2024-1013 x_transferred x_refsource_REDHAT vdb-entry
RHBZ#2260823 issue-tracking x_refsource_REDHAT x_transferred
https://github.com/lurcher/unixODBC/pull/157 x_transferred
https://access.redhat.com/security/cve/CVE-2024-1013 x_refsource_REDHAT vdb-entry
RHBZ#2260823 issue-tracking x_refsource_REDHAT
https://github.com/lurcher/unixODBC/pull/157
RHBZ#2260823 issue-tracking x_refsource_REDHAT x_transferred
https://github.com/lurcher/unixODBC/pull/157 x_transferred
https://access.redhat.com/security/cve/CVE-2024-1013 x_transferred x_refsource_REDHAT vdb-entry

Affected products

unixODBC

compat-unixODBC234

Matching in nixpkgs

pkgs.unixODBC

ODBC driver manager for Unix

nixos-unstable -
- nixpkgs-unstable 2.3.12

pkgs.tests.pkg-config.defaultPkgConfigPackages.odbc

Test whether unixODBC-2.3.12 exposes pkg-config modules odbc

nixos-unstable -
- nixpkgs-unstable

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.unixODBC

pkgs.tests.pkg-config.defaultPkgConfigPackages.odbc

References

Affected products

Matching in nixpkgs

pkgs.unixODBC

pkgs.tests.pkg-config.defaultPkgConfigPackages.odbc