CVE-2024-1013

7.8 HIGH

📋 TL;DR

An out-of-bounds stack write vulnerability in unixODBC on 64-bit architectures allows attackers to corrupt memory by writing 8 bytes into a 4-byte buffer. This can lead to denial of service or potentially arbitrary code execution. Systems using unixODBC on 64-bit architectures are affected, with big-endian systems being particularly vulnerable.

💻 Affected Systems

Products:
  • unixODBC
Versions: All versions prior to the fix
Operating Systems: Linux, Unix-like systems on 64-bit architectures
Default Config Vulnerable: ⚠️ Yes
Notes: Primarily affects 64-bit architectures. Big-endian systems are more likely to show symptoms: the 4-byte buffer receives the high-order half of the 8-byte value, so the caller reads back a wrong result. On little-endian systems the low-order half lands in the buffer and the caller sees the value it expected, so the overflow can pass unnoticed even though the adjacent 4 bytes of stack have already been overwritten.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise if combined with other vulnerabilities or specific configurations.

🟠 Likely Case: Denial of service through application crashes or system instability.

🟢 If Mitigated: Limited impact with proper memory protections and exploit mitigations in place.

🌐 Internet-Facing: MEDIUM - Requires unixODBC to be exposed to untrusted input, which is less common in internet-facing services.
🏢 Internal Only: MEDIUM - Internal applications using unixODBC with untrusted data sources could be vulnerable.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires the attacker to control input to unixODBC functions. The vulnerability is in the library itself, so any application using unixODBC could be affected.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor-specific patches (e.g., Red Hat has released updates)

Vendor Advisory: https://access.redhat.com/security/cve/CVE-2024-1013

Restart Required: Yes

Instructions:

1. Check your distribution's security advisories.
2. Apply the latest unixODBC package update.
3. Restart affected services or applications using unixODBC.

🔧 Temporary Workarounds

Disable unixODBC if unused (Linux)

Remove or disable unixODBC if it is not required for system functionality. Both package managers will also remove packages that depend on it, so review the removal list they prompt with before confirming.

sudo apt remove unixodbc
sudo yum remove unixODBC

🧯 If You Can't Patch

  • Implement strict input validation for applications using unixODBC
  • Use exploit mitigations like ASLR and stack canaries if supported

🔍 How to Verify

Check if Vulnerable:

Check unixODBC version and compare with patched versions from your vendor.

Check Version:

odbc_config --version

Verify Fix Applied:

Verify the installed unixODBC package version matches or exceeds the patched version from your vendor.
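The version comparison above, as an added Python example (not part of this record and not unixODBC's own tooling). It runs the `odbc_config --version` command named above, parses the dotted version it prints, and compares it with the patched version from your vendor; `PATCHED_VERSION` is a placeholder because the record does not state a fixed version, and the helper names are this example's own.

```python
"""Check the installed unixODBC version against a vendor-supplied patched version.

Added example, not from the CVE record or the unixODBC project.
"""
import re
import shutil
import subprocess
from typing import Optional, Tuple

# Placeholder: the record does not give a fixed version; take it from your
# vendor's advisory before running this.
PATCHED_VERSION = "X.Y.Z"


def parse_version(text: str) -> Tuple[int, ...]:
    """Extract the first dotted version (e.g. '2.3.11') from command output."""
    m = re.search(r"(\d+(?:\.\d+)+)", text)
    if m is None:
        raise ValueError(f"no dotted version found in {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_fixed(installed: str, patched: str) -> bool:
    """True when the installed version is at or above the patched one.

    Tuples compare element by element, so '2.3.12' >= '2.3.11' and
    '2.4.0' >= '2.3.12' behave as a human would expect.
    """
    return parse_version(installed) >= parse_version(patched)


def installed_version() -> Optional[str]:
    """Run `odbc_config --version`; None if the tool is not on PATH."""
    exe = shutil.which("odbc_config")
    if exe is None:
        return None
    result = subprocess.run([exe, "--version"], capture_output=True,
                            text=True, check=False)
    return result.stdout.strip() or None


def main() -> int:
    current = installed_version()
    if current is None:
        print("odbc_config not found: unixODBC may be absent, or only the "
              "runtime library (not the dev tool) is installed")
        return 0
    try:
        parse_version(PATCHED_VERSION)
    except ValueError:
        print(f"installed: {current}; set PATCHED_VERSION from your vendor advisory")
        return 2
    status = "fixed" if is_fixed(current, PATCHED_VERSION) else "VULNERABLE"
    print(f"installed {current}, patched {PATCHED_VERSION}: {status}")
    return 0 if status == "fixed" else 1


if __name__ == "__main__":
    raise SystemExit(main())
```

On distributions that backport fixes, the upstream version string may not change when the patch is applied; in that case compare the package version (`dpkg-query -W unixodbc` or `rpm -q unixODBC`) against the version named in the advisory rather than relying on `odbc_config` alone. `odbc_config` is usually shipped with the development package, so its absence does not prove the library is not installed.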

📡 Detection & Monitoring

Log Indicators:

  • Application crashes or segmentation faults in processes using unixODBC
  • Unexpected memory access errors in system logs

Network Indicators:

  • Unusual database connection attempts or ODBC-related network traffic patterns

SIEM Query:

Process crashes with 'unixODBC' or 'odbc' in command line or error messages
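The log indicators above, turned into detection logic as an added Python example (not part of this record). It scans journald/syslog-style lines for kernel segfault reports whose faulting object is libodbc, for crashes or stack-protector aborts in a watch-list of processes known to use ODBC, and for systemd SIGSEGV exit notices kept for correlation. The sample lines and the `ODBC_PROCESSES` watch-list are constructed for the example, not captured from a real system.

```python
"""Flag crash log lines that point at unixODBC (libodbc) or at ODBC-using processes.

Added example, not from the CVE record. Sample lines are constructed.
"""
import re
from typing import Dict, List

# Hypothetical inventory of processes that load unixODBC in this environment;
# a deployment would substitute its own list.
ODBC_PROCESSES = {"report_worker", "isql", "etl_loader"}

# Kernel segfault report as printed on x86-64 Linux (seen via dmesg/journald).
SEGFAULT_RE = re.compile(
    r"(?P<proc>[\w.-]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>\d+) "
    r"in (?P<obj>[^\[\s]+)"
)
# glibc stack-protector abort, as captured from a service's stderr by journald.
SMASH_RE = re.compile(
    r"(?P<proc>[\w.-]+)\[(?P<pid>\d+)\]: \*\*\* stack smashing detected \*\*\*"
)
# systemd's notice that a service's main process died with SIGSEGV.
SEGV_EXIT_RE = re.compile(
    r"(?P<unit>[\w.@-]+\.service): Main process exited, code=dumped, status=11/SEGV"
)

# Constructed sample lines (not real telemetry) in journald/syslog style.
SAMPLE_LOG_LINES = [
    "Mar 12 10:01:22 db-app kernel: report_worker[2317]: segfault at 7ffd1c2e9f10 "
    "ip 00007f3a1b4c2e40 sp 00007ffd1c2e9e80 error 6 in libodbc.so.2.0.0[7f3a1b4a0000+40000]",
    "Mar 12 10:01:23 db-app systemd[1]: report-worker.service: Main process exited, "
    "code=dumped, status=11/SEGV",
    "Mar 12 10:02:05 db-app kernel: python3[2402]: segfault at 0 ip 00007f9d0e2b1a10 "
    "sp 00007ffc3b7d2e40 error 4 in libpython3.10.so.1.0[7f9d0e100000+300000]",
    "Mar 12 10:03:00 db-app sshd[2450]: Accepted publickey for alice from 10.0.0.5 port 51234",
    "Mar 12 10:05:12 db-app kernel: etl_loader[2610]: segfault at 10 ip 00007f0c2d1a3b22 "
    "sp 00007ffe6a8c1d10 error 4 in libc.so.6[7f0c2d180000+1c3000]",
    "Mar 12 10:06:41 db-app isql[2501]: *** stack smashing detected ***: terminated",
]


def describe_fault(err: int) -> str:
    """Decode the x86 page-fault error bits the kernel prints after 'error'."""
    access = "write" if err & 2 else "read"
    mode = "user" if err & 4 else "kernel"
    kind = "protection violation" if err & 1 else "page not present"
    return f"{mode}-mode {access}, {kind}"


def scan_lines(lines: List[str]) -> List[Dict[str, str]]:
    """Return one finding per line that matches one of the crash indicators."""
    findings: List[Dict[str, str]] = []
    for line in lines:
        m = SEGFAULT_RE.search(line)
        if m:
            obj, proc = m.group("obj"), m.group("proc")
            in_odbc = "odbc" in obj.lower()
            # Strongest signal: the faulting instruction lives in libodbc itself.
            if in_odbc or proc in ODBC_PROCESSES:
                findings.append({
                    "severity": "high" if in_odbc else "medium",
                    "process": proc,
                    "pid": m.group("pid"),
                    "object": obj,
                    "fault": describe_fault(int(m.group("err"))),
                    "reason": ("segfault inside libodbc" if in_odbc
                               else "segfault in ODBC-using process"),
                })
            continue
        m = SMASH_RE.search(line)
        if m:
            # A canary abort in an ODBC-using process is a stack overwrite that
            # the mitigation caught; worth the same attention as a libodbc crash.
            if m.group("proc") in ODBC_PROCESSES:
                findings.append({
                    "severity": "high", "process": m.group("proc"),
                    "pid": m.group("pid"), "object": "", "fault": "",
                    "reason": "stack canary abort in ODBC-using process",
                })
            continue
        m = SEGV_EXIT_RE.search(line)
        if m:
            findings.append({
                "severity": "low", "process": m.group("unit"),
                "pid": "", "object": "", "fault": "",
                "reason": "service exited on SIGSEGV; correlate with kernel segfault line",
            })
    return findings


if __name__ == "__main__":
    for f in scan_lines(SAMPLE_LOG_LINES):
        print(f"[{f['severity']:6}] {f['process']:<22} {f['reason']} "
              f"{f['object']} {f['fault']}".rstrip())
```

A segfault whose faulting object is libodbc is the strongest of these signals; a crash elsewhere in an ODBC-using process is weaker, because a corrupted stack is usually noticed later and somewhere else, which is why the systemd exit notice is kept only as a low-severity correlation hint. The decoded fault bits describe where the process finally faulted, not where the out-of-bounds write happened.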
