cve 2024 1013

About this tag
CVE-2024-1013 is a security vulnerability in unixODBC, specifically an out-of-bounds stack write in the PostgreSQL driver. The issue arises from incompatible pointer-to-integer type usage on 64-bit platforms, where the code assumes 4-byte integer sizes but writes 8 bytes, leading to memory corruption. A fix was merged in late January 2024, but exposure varies by distribution as the vulnerable code is often not built by default. This tag covers discussions about the vulnerability, its root cause, and patching considerations for Windows and Linux systems using unixODBC.
  1. CVE-2024-1013: unixODBC Out-of-Bounds Stack Write in PostgreSQL Driver

    unixODBC has a newly minted CVE — CVE-2024-1013 — describing an out-of-bounds stack write triggered by incompatible pointer-to-integer type usage in an example PostgreSQL driver. The root cause is trivial to state but subtle in practice: on 64-bit platforms the code assumed 4-byte integer sizes...