user/freetds: CVE-2019-13508: heap-based buffer overflow
| Field | Value |
| --- | --- |
| Bugzilla ID | 293 |
| Alias(es) | CVE-2019-13508 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-05-26 17:31:53 -0500 |
| Modified | 2020-06-15 16:38:59 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / major |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2019-13508 |
Description
CVE-2019-13508: https://nvd.nist.gov/vuln/detail/CVE-2019-13508
FreeTDS through 1.1.11 has a buffer overflow.
This can happen if the server causes a downgrade to protocol 5.0 and sends
a UDT type.
Patch: https://github.com/FreeTDS/freetds/commit/0df4eb82a0e3ff844e373d7c9f9c6c813925e2ac
Red Hat says this is released in 1.1.11, contradicting the NVD info: https://bugzilla.redhat.com/show_bug.cgi?id=1736255#c2
It's definitely fixed in 1.1.40 though