CVE-2024-1013
Published: 18 March 2024
An out-of-bounds stack write flaw was found in unixODBC on 64-bit architectures, where the caller has 4 bytes and the callee writes 8 bytes. This issue may go unnoticed on little-endian architectures, while big-endian architectures can be broken.
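Why the same size mismatch is silent on one byte order and visible on the other, as an added example that is not unixODBC code. It models the caller's 4-byte slot and its 4-byte neighbour as a byte array and serializes in an explicit byte order, so it runs the same on any host; `simulate_mismatch` and the other names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not unixODBC code: an 8-byte "frame" whose first
   4 bytes are the caller's variable and whose last 4 belong to a neighbour. */
enum byte_order { ORDER_LITTLE, ORDER_BIG };

struct frame_result {
    uint32_t caller_value; /* what the caller reads from its 4-byte slot */
    uint32_t neighbour;    /* adjacent 4 bytes after the callee's write  */
};

/* Serialize the low n bytes of v at p in the modelled byte order. */
static void store(unsigned char *p, uint64_t v, int n, enum byte_order bo) {
    for (int i = 0; i < n; i++)
        p[i] = (unsigned char)(v >> (8 * (bo == ORDER_LITTLE ? i : n - 1 - i)));
}

static uint32_t load32(const unsigned char *p, enum byte_order bo) {
    uint32_t v = 0;
    for (int i = 0; i < 4; i++)
        v |= (uint32_t)p[i] << (8 * (bo == ORDER_LITTLE ? i : 3 - i));
    return v;
}

/* Caller reserves 4 bytes; callee stores an 8-byte integer at that address. */
struct frame_result simulate_mismatch(uint64_t written, uint32_t neighbour_before,
                                      enum byte_order bo) {
    unsigned char frame[8];
    store(frame, 0, 4, bo);                    /* caller's 4-byte slot     */
    store(frame + 4, neighbour_before, 4, bo); /* whatever sits next to it */
    store(frame, written, 8, bo);              /* callee's 8-byte write    */
    struct frame_result r = { load32(frame, bo), load32(frame + 4, bo) };
    return r;
}

int main(void) {
    const char *name[] = { "little-endian", "big-endian" };
    for (int bo = ORDER_LITTLE; bo <= ORDER_BIG; bo++) {
        struct frame_result r = simulate_mismatch(42, 0xDEADBEEFu, (enum byte_order)bo);
        printf("%-13s caller reads %u, neighbour is now 0x%08X\n",
               name[bo], (unsigned)r.caller_value, (unsigned)r.neighbour);
    }
    return 0;
}
```

In the little-endian model the caller still reads the expected value and only the neighbouring bytes are overwritten; in the big-endian model the caller reads the high half of the 8-byte value and the real result lands in the neighbour.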
Priority
Status
Package | Release | Status |
---|---|---|
unixodbc (Launchpad, Ubuntu, Debian) | bionic | Released (2.3.4-1.1ubuntu3+esm1); available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
unixodbc | focal | Released (2.3.6-0.1ubuntu0.1) |
unixodbc | jammy | Released (2.3.9-5ubuntu0.1) |
unixodbc | mantic | Released (2.3.12-1ubuntu0.23.10.1) |
unixodbc | noble | Released (2.3.12-1ubuntu0.24.04.1) |
unixodbc | trusty | Needs triage |
unixodbc | upstream | Needs triage |
unixodbc | xenial | Released (2.3.1-4.1ubuntu0.1~esm2); available with Ubuntu Pro or Ubuntu Pro (Infra-only) |

Patches:
upstream: https://github.com/lurcher/unixODBC/pull/157/commits/45f501e1be2db6b017cc242c79bfb9de32b332a1
References
- https://github.com/lurcher/unixODBC/pull/157
- https://access.redhat.com/security/cve/CVE-2024-1013
- https://bugzilla.redhat.com/show_bug.cgi?id=2260823
- https://ubuntu.com/security/notices/USN-6715-1
- https://www.cve.org/CVERecord?id=CVE-2024-1013
- https://ubuntu.com/security/notices/USN-6715-2
- NVD
- Launchpad
- Debian