{"id":"CVE-2018-7485","details":"The SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c in unixODBC 2.3.5 has strncpy arguments in the wrong order, which allows attackers to cause a denial of service or possibly have unspecified other impact.","modified":"2026-07-08T16:41:20.185399Z","published":"2018-02-26T14:29:00.383Z","related":["SUSE-SU-2018:1832-1","openSUSE-SU-2024:11483-1"],"references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/103193"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2336"},{"type":"FIX","url":"https://github.com/lurcher/unixODBC/commit/45ef78e037f578b15fc58938a3a3251655e71d6f#diff-d52750c7ba4e594410438569d8e2963aL24"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/lurcher/unixodbc","events":[{"introduced":"fce0b999118eb471822723c82515966046b25676"},{"last_affected":"fce0b999118eb471822723c82515966046b25676"},{"fixed":"45ef78e037f578b15fc58938a3a3251655e71d6f"}],"database_specific":{"cpe":"cpe:2.3:a:unixodbc:unixodbc:2.3.5:*:*:*:*:*:*:*","extracted_events":[{"introduced":"2.3.5"},{"last_affected":"2.3.5"}],"source":["CPE_STRING","REFERENCES"]}}],"versions":["2.3.5"],"database_specific":{"vanir_signatures":[{"signature_version":"v1","target":{"file":"DriverManager/SQLSetDescFieldW.c"},"deprecated":false,"source":"https://github.com/lurcher/unixodbc/commit/45ef78e037f578b15fc58938a3a3251655e71d6f","signature_type":"Line","id":"CVE-2018-7485-0116c673","digest":{"line_hashes":["194871485976564568222644147018375322529","312567024388020377303674224657788866569","58741678282498609914839137469146592184","209895836599252194242520718469085956174","326483403762743264162801175920691335243","168890070038278725565808719351188359857","125084256621417646051386122425565055328","125984365178799877983202624116070204082","92132637959238713266268352754292153879","306296870941242442268711629127234700614"],"threshold":0.9}},{"signature_version":"v1","target":{"function":"SQLWriteFileDSN","file":"odbcinst/SQLWriteFileDSN.c"},"deprecated":false,"source":"https://github.com/lurcher/unixodbc/commit/45ef78e037f578b15fc58938a3a3251655e71d6f","signature_type":"Function","id":"CVE-2018-7485-19f0387a","digest":{"function_hash":"221076018990600298752231612385570872422","length":1635}},{"signature_version":"v1","target":{"function":"_single_string_alloc_and_copy","file":"odbcinst/SQLCreateDataSource.c"},"deprecated":false,"source":"https://github.com/lurcher/unixodbc/commit/45ef78e037f578b15fc58938a3a3251655e71d6f","signature_type":"Function","id":"CVE-2018-7485-212ed892","digest":{"function_hash":"238544046005397600979991927817734991558","length":297}},{"signature_version":"v1","target":{"function":"_multi_string_alloc_and_copy","file":"odbcinst/SQLCreateDataSource.c"},"deprecated":false,"source":"https://github.com/lurcher/unixodbc/commit/45ef78e037f578b15fc58938a3a3251655e71d6f","signature_type":"Function","id":"CVE-2018-7485-3c7c5277","digest":{"function_hash":"57408896660651845829201121512772019330","length":373}},{"signature_version":"v1","target":{"file":"odbcinst/SQLWriteFileDSN.c"},"deprecated":false,"source":"https://github.com/lurcher/unixodbc/commit/45ef78e037f578b15fc58938a3a3251655e71d6f","signature_type":"Line","id":"CVE-2018-7485-5e452665","digest":{"line_hashes":["125978840017268019661405498929304996526","130669083775802491445520679967672518409","95081495488433232928438470821688840354","78255813772861821172530249409844349989"],"threshold":0.9}},{"signature_version":"v1","target":{"function":"_single_string_alloc_and_expand","file":"odbcinst/SQLCreateDataSource.c"},"deprecated":false,"source":"https://github.com/lurcher/unixodbc/commit/45ef78e037f578b15fc58938a3a3251655e71d6f","signature_type":"Function","id":"CVE-2018-7485-618030e3","digest":{"function_hash":"185621171165862406585399902487544233849","length":310}},{"signature_version":"v1","target":{"function":"ExecuteSQL","file":"exe/iusql.c"},"deprecated":false,"source":"https://github.com/lurcher/unixodbc/commit/45ef78e037f578b15fc58938a3a3251655e71d6f","signature_type":"Function","id":"CVE-2018-7485-64139fb2","digest":{"function_hash":"57694611605143552821001553328450893791","length":2332}},{"signature_version":"v1","target":{"file":"odbcinst/SQLCreateDataSource.c"},"deprecated":false,"source":"https://github.com/lurcher/unixodbc/commit/45ef78e037f578b15fc58938a3a3251655e71d6f","signature_type":"Line","id":"CVE-2018-7485-69968670","digest":{"line_hashes":["279550115446533684865211626208940972917","104454965380888258184927876949273661952","213462015308014849553462333152542319343","17709770620305686166818284381155690960","279550115446533684865211626208940972917","104454965380888258184927876949273661952","143312565989849313773924593936162855618","32293983432283445473372534407914028702","279550115446533684865211626208940972917","104454965380888258184927876949273661952","213462015308014849553462333152542319343","17709770620305686166818284381155690960","279550115446533684865211626208940972917","104454965380888258184927876949273661952","143312565989849313773924593936162855618","32293983432283445473372534407914028702"],"threshold":0.9}},{"signature_version":"v1","target":{"file":"exe/iusql.c"},"deprecated":false,"source":"https://github.com/lurcher/unixodbc/commit/45ef78e037f578b15fc58938a3a3251655e71d6f","signature_type":"Line","id":"CVE-2018-7485-6f7c1138","digest":{"line_hashes":["16920515504138527376691221490549844046","265361416020442231806819742315250355203","27953130207036718978259237167033226313","303589925598142668754667590288795642673"],"threshold":0.9}},{"signature_version":"v1","target":{"file":"DriverManager/SQLSetDescField.c"},"deprecated":false,"source":"https://github.com/lurcher/unixodbc/commit/45ef78e037f578b15fc58938a3a3251655e71d6f","signature_type":"Line","id":"CVE-2018-7485-80101cbb","digest":{"line_hashes":["194871485976564568222644147018375322529","312567024388020377303674224657788866569","58741678282498609914839137469146592184","209895836599252194242520718469085956174","326483403762743264162801175920691335243","168890070038278725565808719351188359857","125084256621417646051386122425565055328","125984365178799877983202624116070204082","92132637959238713266268352754292153879","306296870941242442268711629127234700614"],"threshold":0.9}},{"signature_version":"v1","target":{"function":"_multi_string_alloc_and_expand","file":"odbcinst/SQLCreateDataSource.c"},"deprecated":false,"source":"https://github.com/lurcher/unixodbc/commit/45ef78e037f578b15fc58938a3a3251655e71d6f","signature_type":"Function","id":"CVE-2018-7485-afd78502","digest":{"function_hash":"23309584842023270580920713917630728259","length":383}},{"signature_version":"v1","target":{"function":"SQLSetDescField","file":"DriverManager/SQLSetDescField.c"},"deprecated":false,"source":"https://github.com/lurcher/unixodbc/commit/45ef78e037f578b15fc58938a3a3251655e71d6f","signature_type":"Function","id":"CVE-2018-7485-c90955bf","digest":{"function_hash":"116185973548757359693982793420048436103","length":4846}},{"signature_version":"v1","target":{"function":"SQLSetDescFieldW","file":"DriverManager/SQLSetDescFieldW.c"},"deprecated":false,"source":"https://github.com/lurcher/unixodbc/commit/45ef78e037f578b15fc58938a3a3251655e71d6f","signature_type":"Function","id":"CVE-2018-7485-cef8ed6c","digest":{"function_hash":"9414074466139147391569923712408860203","length":5785}},{"signature_version":"v1","target":{"file":"DriverManager/SQLGetDiagRecW.c"},"deprecated":false,"source":"https://github.com/lurcher/unixodbc/commit/45ef78e037f578b15fc58938a3a3251655e71d6f","signature_type":"Line","id":"CVE-2018-7485-e2d13c2f","digest":{"line_hashes":["322111850722312363252504691623787776831","323238464578941118727250322460627829589","237290684553146219010531614035793345490"],"threshold":0.9}}],"vanir_signatures_modified":"2026-07-08T16:41:20Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-7485.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}