OESA-2024-1374

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1374
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2024-1374.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2024-1374
Upstream
Published
2024-04-12T11:07:35Z
Modified
2025-09-03T06:19:51.668708Z
Summary
unixODBC security update
Details

The unixODBC Project goals are to develop and promote unixODBC to be the definitive standard for ODBC on non MS Windows platforms. This is to include GUI support for both KDE and GNOME.

Security Fix(es):

An out-of-bounds stack write flaw was found in unixODBC on 64-bit architectures where the caller has 4 bytes and callee writes 8 bytes. This issue may go unnoticed on little-endian architectures, while big-endian architectures can be broken.(CVE-2024-1013)

Database specific
{
    "severity": "High"
}
References

Affected packages

openEuler:20.03-LTS-SP1 / unixODBC

Package

Name
unixODBC
Purl
pkg:rpm/openEuler/unixODBC&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.3.7-3.h1.oe1

Ecosystem specific

{
    "x86_64": [
        "unixODBC-debugsource-2.3.7-3.h1.oe1.x86_64.rpm",
        "unixODBC-debuginfo-2.3.7-3.h1.oe1.x86_64.rpm",
        "unixODBC-2.3.7-3.h1.oe1.x86_64.rpm",
        "unixODBC-devel-2.3.7-3.h1.oe1.x86_64.rpm"
    ],
    "aarch64": [
        "unixODBC-2.3.7-3.h1.oe1.aarch64.rpm",
        "unixODBC-debuginfo-2.3.7-3.h1.oe1.aarch64.rpm",
        "unixODBC-debugsource-2.3.7-3.h1.oe1.aarch64.rpm",
        "unixODBC-devel-2.3.7-3.h1.oe1.aarch64.rpm"
    ],
    "src": [
        "unixODBC-2.3.7-3.h1.oe1.src.rpm"
    ]
}