CVE-2019-13508

Name: CVE-2019-13508
Description: FreeTDS through 1.1.11 has a Buffer Overflow.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: high
Debian Bugs: 944012

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| freetds (PTS) | jessie | 0.91-6 | fixed |
| | stretch | 0.91-6.1 | fixed |
| | buster | 1.00.104-1 | vulnerable |
| | bullseye, sid | 1.1.6-1 | vulnerable |

The information below is based on the following data on fixed versions.

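| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| freetds | source | (unstable) | (unfixed) | | | 944012 |
| freetds | source | jessie | (not affected) | | | |
| freetds | source | stretch | (not affected) | | | |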

Notes

[stretch] - freetds <not-affected> (Vulnerable code introduced in 0.95 upstream)
[jessie] - freetds <not-affected> (Vulnerable code introduced in 0.95 upstream)
https://github.com/FreeTDS/freetds/commit/0df4eb82a0e3ff844e373d7c9f9c6c813925e2ac
https://bugs.launchpad.net/bugs/1835896
https://bugzilla.redhat.com/show_bug.cgi?id=1736255
https://bugzilla.novell.com/show_bug.cgi?id=1141132
