Home

Description

Out-of-bounds write in the query processing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to crash the driver by using specially crafted data that is processed by the driver during query operations. To remediate this issue, users should upgrade to version 2.1.0.0.

PUBLISHED Reserved 2026-04-03 | Published 2026-04-03 | Updated 2026-04-07 | Assigner AMZN




MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

HIGH: 7.1CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-787 Out-of-bounds write

Product status

Default status
unaffected

2.1.0.0
unaffected

References

aws.amazon.com/security/security-bulletins/2026-013-aws/ vendor-advisory

downloads.athena.us-east-1.amazonaws.com/...ODBC-2.1.0.0.msi patch

downloads.athena.us-east-1.amazonaws.com/...ODBC-2.1.0.0.rpm patch

downloads.athena.us-east-1.amazonaws.com/...-2.1.0.0_arm.pkg patch

downloads.athena.us-east-1.amazonaws.com/...-2.1.0.0_x86.pkg patch

docs.aws.amazon.com/.../ug/odbc-v2-driver-release-notes.html release-notes

cve.org (CVE-2026-35559)

nvd.nist.gov (CVE-2026-35559)

Download JSON