CVE-2024-1013: Unixodbc: out of bounds stack write due to pointer-to-integer types conversion

Description

An out-of-bounds stack write flaw was found in unixODBC on 64-bit architectures where the caller has 4 bytes and callee writes 8 bytes. This issue may go unnoticed on little-endian architectures, while big-endian architectures can be broken.

Classification

CVE ID: CVE-2024-1013

Affected Products

Vendor: Red Hat

Product: Red Hat Enterprise Linux 6

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 18.35% (scored less or equal to compared to others)

EPSS Date: 2025-03-08 (when was this score calculated)

References

https://access.redhat.com/security/cve/CVE-2024-1013
https://bugzilla.redhat.com/show_bug.cgi?id=2260823
https://github.com/lurcher/unixODBC/pull/157

Timeline

2025-02-08 00:30:28 UTC
CVE

Unixodbc: out of bounds stack write due to pointer-to-integer types conversion
2025-03-25 12:00:48 UTC
Tenable Plugins

Azure Linux 3.0 Security Update: unixODBC (CVE-2024-1013)