Vulnerability Details : CVE-2018-7485
The SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c in unixODBC 2.3.5 has strncpy arguments in the wrong order, which allows attackers to cause a denial of service or possibly have unspecified other impact.
Vulnerability category: Overflow, Denial of service
Products affected by CVE-2018-7485
- cpe:2.3:a:unixodbc:unixodbc:2.3.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-7485
0.41%: Probability of exploitation activity in the next 30 days
~71%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-7485
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2018-7485
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-7485
- https://github.com/lurcher/unixODBC/commit/45ef78e037f578b15fc58938a3a3251655e71d6f#diff-d52750c7ba4e594410438569d8e2963aL24
  New Pre Source · lurcher/unixODBC@45ef78e · GitHub (Patch)
- https://access.redhat.com/errata/RHSA-2019:2336
  RHSA-2019:2336 - Security Advisory - Red Hat Customer Portal
- http://www.securityfocus.com/bid/103193
  unixODBC CVE-2018-7485 Remote Denial of Service Vulnerability (Third Party Advisory; VDB Entry)