Unix ODBC Flaw Allows for Stack Overflow Attacks
CVE-2024-1013

7.8HIGH

Key Information:

Vendor

Red Hat
Status
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 9
Vendor
CVE Published:
18 March 2024

What is CVE-2024-1013?

A vulnerability has been identified in unixODBC affecting 64-bit architectures, characterized by an out-of-bounds stack write flaw. In this scenario, a caller passes 4 bytes while the callee erroneously attempts to write 8 bytes onto the stack. This flaw may not produce noticeable effects on little-endian architectures; however, systems utilizing big-endian architectures are at significant risk, potentially leading to unexpected behavior or crashes. Developers and system administrators must prioritize reviewing and addressing this vulnerability to enhance the security posture of their applications.

References

https://access.redhat.com/security/cve/CVE-2024-1013
vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2260823
issue-trackingx_refsource_REDHAT
https://github.com/lurcher/unixODBC/pull/157

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.