HIGHCVE-2026-35559Published 2026-04-03Modified 2026-04-07CNA AMZN

CVE-2026-35559: Out-of-bounds write in query processing components in Amazon Athena ODBC driver

Out-of-bounds write in the query processing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to crash the driver by using specially crafted data that is processed by the driver during query operations. To remediate this issue, users should upgrade to version 2.1.0.0.

CVSS v4.0: 7.1
Severity: HIGH
Fixed in: 2.1.0.0
Affected Products: 1

Fix available

2.1.0.0

Patch commits

downloads.athena.us-east-1.amazonaws.com
downloads.athena.us-east-1.amazonaws.com
downloads.athena.us-east-1.amazonaws.com
downloads.athena.us-east-1.amazonaws.com

Affected packages

Amazon / Amazon Athena ODBC driver
Fixed in 2.1.0.0

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

References

aws.amazon.com
downloads.athena.us-east-1.amazonaws.com
downloads.athena.us-east-1.amazonaws.com
downloads.athena.us-east-1.amazonaws.com
downloads.athena.us-east-1.amazonaws.com
docs.aws.amazon.com

Metrics

Fix available