CVE-2024-1013

Public on 2024-03-18
Modified on 2024-03-25
Description
An out-of-bounds stack write flaw was found in unixODBC on 64-bit architectures where the caller has 4 bytes and callee writes 8 bytes. This issue may go unnoticed on little-endian architectures, while big-endian architectures can be broken.
Severity
Medium severity
Medium
CVSS v3 Base Score
5.4
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 unixODBC No Fix Planned
Amazon Linux 2 - Core unixODBC Pending Fix
Amazon Linux 2023 unixODBC Pending Fix

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
NVD CVSSv3 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H