UBUNTU-CVE-2012-2657

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2012-2657

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2012/UBUNTU-CVE-2012-2657.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2012-2657

Upstream

CVE-2012-2657

Published

2012-08-31T18:55:00Z

Modified

2026-04-22T09:11:50.572618Z

Severity

Ubuntu - low

Summary

[none]

Details

Buffer overflow in the SQLDriverConnect function in unixODBC 2.0.10, 2.3.1, and earlier allows local users to cause a denial of service (crash) via a long string in the FILEDSN option. NOTE: this issue might not be a vulnerability, since the ability to set this option typically implies that the attacker already has legitimate access to cause a DoS or execute code, and therefore the issue would not cross privilege boundaries. There may be limited attack scenarios if isql command-line options are exposed to an attacker, although it seems likely that other, more serious issues would also be exposed, and this issue might not cross privilege boundaries in that context.

References

Affected packages

Ubuntu:Pro:14.04:LTS / unixodbc

Package

Name: unixodbc
Purl: pkg:deb/ubuntu/unixodbc@2.2.14p2-5ubuntu5+esm1?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.2.14p2-5ubuntu4

2.2.14p2-5ubuntu5

2.2.14p2-5ubuntu5+esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2.2.14p2-5ubuntu5+esm1",
            "binary_name": "libodbc1"
        },
        {
            "binary_version": "2.2.14p2-5ubuntu5+esm1",
            "binary_name": "odbcinst"
        },
        {
            "binary_version": "2.2.14p2-5ubuntu5+esm1",
            "binary_name": "odbcinst1debian2"
        },
        {
            "binary_version": "2.2.14p2-5ubuntu5+esm1",
            "binary_name": "unixodbc"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2012/UBUNTU-CVE-2012-2657.json"

Ubuntu:Pro:16.04:LTS / unixodbc

Package

Name: unixodbc
Purl: pkg:deb/ubuntu/unixodbc@2.3.1-4.1ubuntu0.1~esm2?arch=source&distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.3.1-3

2.3.1-4

2.3.1-4.1

2.3.1-4.1ubuntu0.1~esm1

2.3.1-4.1ubuntu0.1~esm2

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2.3.1-4.1ubuntu0.1~esm2",
            "binary_name": "libodbc1"
        },
        {
            "binary_version": "2.3.1-4.1ubuntu0.1~esm2",
            "binary_name": "odbcinst"
        },
        {
            "binary_version": "2.3.1-4.1ubuntu0.1~esm2",
            "binary_name": "odbcinst1debian2"
        },
        {
            "binary_version": "2.3.1-4.1ubuntu0.1~esm2",
            "binary_name": "unixodbc"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2012/UBUNTU-CVE-2012-2657.json"