CVE-2019-13508

NameCVE-2019-13508
DescriptionFreeTDS through 1.1.11 has a Buffer Overflow.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs944012

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
freetds (PTS)bullseye1.2.3-1fixed
sid, trixie, bookworm1.3.17+ds-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
freetdssourcejessie(not affected)
freetdssourcestretch(not affected)
freetdssourcebuster1.00.104-1+deb10u1
freetdssource(unstable)1.1.6-1.1944012

Notes

[stretch] - freetds <not-affected> (Vulnerable code introduced in 0.95 upstream)
[jessie] - freetds <not-affected> (Vulnerable code introduced in 0.95 upstream)
https://github.com/FreeTDS/freetds/commit/0df4eb82a0e3ff844e373d7c9f9c6c813925e2ac
https://bugs.launchpad.net/bugs/1835896
https://bugzilla.redhat.com/show_bug.cgi?id=1736255
https://bugzilla.novell.com/show_bug.cgi?id=1141132

Search for package or bug name: Reporting problems