{"id":"CVE-2018-7485","details":"The SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c in unixODBC 2.3.5 has strncpy arguments in the wrong order, which allows attackers to cause a denial of service or possibly have unspecified other impact.","modified":"2026-03-14T04:42:50.966155Z","published":"2018-02-26T14:29:00.383Z","related":["MGASA-2018-0379","SUSE-SU-2018:1832-1","openSUSE-SU-2024:11483-1"],"references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/103193"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2336"},{"type":"FIX","url":"https://github.com/lurcher/unixODBC/commit/45ef78e037f578b15fc58938a3a3251655e71d6f#diff-d52750c7ba4e594410438569d8e2963aL24"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/lurcher/unixODBC","events":[{"introduced":"0"},{"last_affected":"fce0b999118eb471822723c82515966046b25676"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.3.5"}]}},{"type":"GIT","repo":"https://github.com/lurcher/unixodbc","events":[{"introduced":"0"},{"fixed":"45ef78e037f578b15fc58938a3a3251655e71d6f"}]}],"versions":["2.3.2","2.3.3","2.3.4","2.3.5"],"database_specific":{"vanir_signatures":[{"id":"CVE-2018-7485-0116c673","source":"https://github.com/lurcher/unixodbc/commit/45ef78e037f578b15fc58938a3a3251655e71d6f","signature_type":"Line","signature_version":"v1","target":{"file":"DriverManager/SQLSetDescFieldW.c"},"digest":{"threshold":0.9,"line_hashes":["194871485976564568222644147018375322529","312567024388020377303674224657788866569","58741678282498609914839137469146592184","209895836599252194242520718469085956174","326483403762743264162801175920691335243","168890070038278725565808719351188359857","125084256621417646051386122425565055328","125984365178799877983202624116070204082","92132637959238713266268352754292153879","306296870941242442268711629127234700614"]},"deprecated":false},{"id":"CVE-2018-7485-19f0387a","source":"https://github.com/lurcher/unixodbc/commit/45ef78e037f578b15fc58938a3a3251655e71d6f","signature_type":"Function","signature_version":"v1","target":{"function":"SQLWriteFileDSN","file":"odbcinst/SQLWriteFileDSN.c"},"digest":{"function_hash":"221076018990600298752231612385570872422","length":1635},"deprecated":false},{"id":"CVE-2018-7485-212ed892","source":"https://github.com/lurcher/unixodbc/commit/45ef78e037f578b15fc58938a3a3251655e71d6f","signature_type":"Function","signature_version":"v1","target":{"function":"_single_string_alloc_and_copy","file":"odbcinst/SQLCreateDataSource.c"},"digest":{"function_hash":"238544046005397600979991927817734991558","length":297},"deprecated":false},{"id":"CVE-2018-7485-3c7c5277","source":"https://github.com/lurcher/unixodbc/commit/45ef78e037f578b15fc58938a3a3251655e71d6f","signature_type":"Function","signature_version":"v1","target":{"function":"_multi_string_alloc_and_copy","file":"odbcinst/SQLCreateDataSource.c"},"digest":{"function_hash":"57408896660651845829201121512772019330","length":373},"deprecated":false},{"id":"CVE-2018-7485-5e452665","source":"https://github.com/lurcher/unixodbc/commit/45ef78e037f578b15fc58938a3a3251655e71d6f","signature_type":"Line","signature_version":"v1","target":{"file":"odbcinst/SQLWriteFileDSN.c"},"digest":{"threshold":0.9,"line_hashes":["125978840017268019661405498929304996526","130669083775802491445520679967672518409","95081495488433232928438470821688840354","78255813772861821172530249409844349989"]},"deprecated":false},{"id":"CVE-2018-7485-618030e3","source":"https://github.com/lurcher/unixodbc/commit/45ef78e037f578b15fc58938a3a3251655e71d6f","signature_type":"Function","signature_version":"v1","target":{"function":"_single_string_alloc_and_expand","file":"odbcinst/SQLCreateDataSource.c"},"digest":{"function_hash":"185621171165862406585399902487544233849","length":310},"deprecated":false},{"id":"CVE-2018-7485-64139fb2","source":"https://github.com/lurcher/unixodbc/commit/45ef78e037f578b15fc58938a3a3251655e71d6f","signature_type":"Function","signature_version":"v1","target":{"function":"ExecuteSQL","file":"exe/iusql.c"},"digest":{"function_hash":"57694611605143552821001553328450893791","length":2332},"deprecated":false},{"id":"CVE-2018-7485-69968670","source":"https://github.com/lurcher/unixodbc/commit/45ef78e037f578b15fc58938a3a3251655e71d6f","signature_type":"Line","signature_version":"v1","target":{"file":"odbcinst/SQLCreateDataSource.c"},"digest":{"threshold":0.9,"line_hashes":["279550115446533684865211626208940972917","104454965380888258184927876949273661952","213462015308014849553462333152542319343","17709770620305686166818284381155690960","279550115446533684865211626208940972917","104454965380888258184927876949273661952","143312565989849313773924593936162855618","32293983432283445473372534407914028702","279550115446533684865211626208940972917","104454965380888258184927876949273661952","213462015308014849553462333152542319343","17709770620305686166818284381155690960","279550115446533684865211626208940972917","104454965380888258184927876949273661952","143312565989849313773924593936162855618","32293983432283445473372534407914028702"]},"deprecated":false},{"id":"CVE-2018-7485-6f7c1138","source":"https://github.com/lurcher/unixodbc/commit/45ef78e037f578b15fc58938a3a3251655e71d6f","signature_type":"Line","signature_version":"v1","target":{"file":"exe/iusql.c"},"digest":{"threshold":0.9,"line_hashes":["16920515504138527376691221490549844046","265361416020442231806819742315250355203","27953130207036718978259237167033226313","303589925598142668754667590288795642673"]},"deprecated":false},{"id":"CVE-2018-7485-80101cbb","source":"https://github.com/lurcher/unixodbc/commit/45ef78e037f578b15fc58938a3a3251655e71d6f","signature_type":"Line","signature_version":"v1","target":{"file":"DriverManager/SQLSetDescField.c"},"digest":{"threshold":0.9,"line_hashes":["194871485976564568222644147018375322529","312567024388020377303674224657788866569","58741678282498609914839137469146592184","209895836599252194242520718469085956174","326483403762743264162801175920691335243","168890070038278725565808719351188359857","125084256621417646051386122425565055328","125984365178799877983202624116070204082","92132637959238713266268352754292153879","306296870941242442268711629127234700614"]},"deprecated":false},{"id":"CVE-2018-7485-afd78502","source":"https://github.com/lurcher/unixodbc/commit/45ef78e037f578b15fc58938a3a3251655e71d6f","signature_type":"Function","signature_version":"v1","target":{"function":"_multi_string_alloc_and_expand","file":"odbcinst/SQLCreateDataSource.c"},"digest":{"function_hash":"23309584842023270580920713917630728259","length":383},"deprecated":false},{"id":"CVE-2018-7485-c90955bf","source":"https://github.com/lurcher/unixodbc/commit/45ef78e037f578b15fc58938a3a3251655e71d6f","signature_type":"Function","signature_version":"v1","target":{"function":"SQLSetDescField","file":"DriverManager/SQLSetDescField.c"},"digest":{"function_hash":"116185973548757359693982793420048436103","length":4846},"deprecated":false},{"id":"CVE-2018-7485-cef8ed6c","source":"https://github.com/lurcher/unixodbc/commit/45ef78e037f578b15fc58938a3a3251655e71d6f","signature_type":"Function","signature_version":"v1","target":{"function":"SQLSetDescFieldW","file":"DriverManager/SQLSetDescFieldW.c"},"digest":{"function_hash":"9414074466139147391569923712408860203","length":5785},"deprecated":false},{"id":"CVE-2018-7485-e2d13c2f","source":"https://github.com/lurcher/unixodbc/commit/45ef78e037f578b15fc58938a3a3251655e71d6f","signature_type":"Line","signature_version":"v1","target":{"file":"DriverManager/SQLGetDiagRecW.c"},"digest":{"threshold":0.9,"line_hashes":["322111850722312363252504691623787776831","323238464578941118727250322460627829589","237290684553146219010531614035793345490"]},"deprecated":false}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-7485.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}