CVE-2024-1013
Published: 18 March 2024
An out-of-bounds stack write flaw was found in unixODBC on 64-bit architectures where the caller has 4 bytes and callee writes 8 bytes. This issue may go unnoticed on little-endian architectures, while big-endian architectures can be broken.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
unixodbc Launchpad, Ubuntu, Debian |
bionic |
Released
(2.3.4-1.1ubuntu3+esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
| focal |
Released
(2.3.6-0.1ubuntu0.1)
|
|
| jammy |
Released
(2.3.9-5ubuntu0.1)
|
|
| mantic |
Released
(2.3.12-1ubuntu0.23.10.1)
|
|
| trusty |
Needs triage
|
|
| upstream |
Needs triage
|
|
| xenial |
Released
(2.3.1-4.1ubuntu0.1~esm2)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
|
Patches: upstream: https://github.com/lurcher/unixODBC/pull/157/commits/45f501e1be2db6b017cc242c79bfb9de32b332a1 |
||