Search

Find a vulnerability

Search criteria

    216 vulnerabilities found for sql_server by microsoft

    CVE-2024-0056 (GCVE-0-2024-0056)

    Vulnerability from nvd – Published: 2024-01-09 17:56 – Updated: 2025-06-03 14:30
    VLAI
    Title
    Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability
    Summary
    Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft SQL Server 2022 (GDR) Affected: 16.0.0 , < 16.0.1110.1 (custom)
    Create a notification for this product.
    Microsoft .NET 6.0 Affected: 6.0.0 , < 6.0.26 (custom)
    Create a notification for this product.
    Microsoft .NET 7.0 Affected: 7.0.0 , < 7.0.15 (custom)
    Create a notification for this product.
    Microsoft .NET 8.0 Affected: 8.0 , < 8.0.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft.Data.SqlClient Affected: 2.0 , < 2.1.7 (custom)
    Create a notification for this product.
    Microsoft Microsoft.Data.SqlClient Affected: 3.0 , < 3.1.5 (custom)
    Create a notification for this product.
    Microsoft Microsoft.Data.SqlClient Affected: 4.0 , < 4.0.5 (custom)
    Create a notification for this product.
    Microsoft Microsoft.Data.SqlClient Affected: 5.0 , < 5.1.3 (custom)
    Create a notification for this product.
    Microsoft System.Data.SqlClient Affected: 1.0 , < 4.8.6 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.2 Affected: 17.2.0 , < 17.2.23 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.4 Affected: 17.4.0 , < 17.4.15 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.6 Affected: 17.6.0 , < 17.6.11 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.8 Affected: 17.8.0 , < 17.8.4 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2022 (CU 10) Affected: 0 , < 16.0.4100.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.8 Affected: 4.8.0 , < 4.8.04690.02 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.8 Affected: 4.8.0 , < 4.8.04690.02 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.7.2 Affected: 4.7.0 , < 4.7.04081.03 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 Affected: 4.7.0 , < 4.7.04081.02 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.8.1 Affected: 4.8.1 , < 4.8.09214.01 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 2.0 Service Pack 2 Affected: 2.0.0 , < 3.0.50727.8976 (custom)
    Create a notification for this product.
    Date Public
    2024-01-09 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T17:41:15.885Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0056"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0056",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-08T15:47:49.601673Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-03T14:30:31.644Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2022 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.1110.1",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 6.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.26",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 7.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.0.15",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.1",
                  "status": "affected",
                  "version": "8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft.Data.SqlClient",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.1.7",
                  "status": "affected",
                  "version": "2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft.Data.SqlClient",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "3.1.5",
                  "status": "affected",
                  "version": "3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft.Data.SqlClient",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.0.5",
                  "status": "affected",
                  "version": "4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft.Data.SqlClient",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "5.1.3",
                  "status": "affected",
                  "version": "5.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "System.Data.SqlClient",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.6",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.2.23",
                  "status": "affected",
                  "version": "17.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.4.15",
                  "status": "affected",
                  "version": "17.4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.11",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.4",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2022 (CU 10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.4100.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1607 for 32-bit Systems",
                "Windows 10 Version 1607 for x64-based Systems",
                "Windows Server 2016 (Server Core installation)",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
                "Windows Server 2016",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.04690.02",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows Server 2019",
                "Windows Server 2019 (Server Core installation)",
                "Windows Server 2022",
                "Windows Server 2022 (Server Core installation)",
                "Windows 11 version 21H2 for x64-based Systems",
                "Windows 11 version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.04690.02",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows 10 Version 1809 for ARM64-based Systems",
                "Windows Server 2019",
                "Windows Server 2019 (Server Core installation)",
                "Windows 10 Version 1607 for 32-bit Systems",
                "Windows Server 2016",
                "Windows 10 Version 1607 for x64-based Systems",
                "Windows Server 2016 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.04081.03",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2 (Server Core installation)",
                "Windows Server 2012 R2"
              ],
              "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.04081.02",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2022 (Server Core installation)",
                "Windows Server 2022",
                "Windows 11 version 21H2 for x64-based Systems",
                "Windows 11 version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 11 Version 22H2 for ARM64-based Systems",
                "Windows 11 Version 22H2 for x64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems",
                "Windows 11 Version 23H2 for ARM64-based Systems",
                "Windows Server 2022, 23H2 Edition (Server Core installation)",
                "Windows 11 Version 23H2 for x64-based Systems"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.09214.01",
                  "status": "affected",
                  "version": "4.8.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 for 32-bit Systems Service Pack 2",
                "Windows Server 2008 for x64-based Systems Service Pack 2"
              ],
              "product": "Microsoft .NET Framework 2.0 Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "3.0.50727.8976",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "16.0.1110.1",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.26",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.15",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.1",
                      "versionStartIncluding": "8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:data_sql_client:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.1.7",
                      "versionStartIncluding": "2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:data_sql_client:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.1.5",
                      "versionStartIncluding": "3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:data_sql_client:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.0.5",
                      "versionStartIncluding": "4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:data_sql_client:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.1.3",
                      "versionStartIncluding": "5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:System.Data.SqlClient:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.6",
                      "versionStartIncluding": "1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.2.23",
                      "versionStartIncluding": "17.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.4.15",
                      "versionStartIncluding": "17.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.11",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.4",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "16.0.4100.1",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.04690.02",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.04690.02",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.04081.03",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.04081.02",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.09214.01",
                      "versionStartIncluding": "4.8.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*",
                      "versionEndExcluding": "3.0.50727.8976",
                      "versionStartIncluding": "2.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2024-01-09T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319: Cleartext Transmission of Sensitive Information",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-03T01:46:55.272Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0056"
            }
          ],
          "title": "Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2024-0056",
        "datePublished": "2024-01-09T17:56:58.972Z",
        "dateReserved": "2023-11-22T17:43:06.743Z",
        "dateUpdated": "2025-06-03T14:30:31.644Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-36785 (GCVE-0-2023-36785)

    Vulnerability from nvd – Published: 2023-10-10 17:08 – Updated: 2025-04-14 22:46
    VLAI
    Title
    Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
    Summary
    Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-191 - Integer Underflow (Wrap or Wraparound)
    Assigner
    References
    Date Public
    2023-10-10 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:01:09.589Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36785"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36785",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-26T21:49:49.237869Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-27T20:42:30.756Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2019 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.0.2104.1",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2022 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.1105.1",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.5.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.5.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.5.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.3.2.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.3.2.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.3.2.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2019 (CU 22)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.0.4326.1",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2022 (CU 8)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.4080.1",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "15.0.2104.1",
                      "versionStartIncluding": "15.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "16.0.1105.1",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.5.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.5.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.5.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.3.2.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.3.2.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.3.2.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "15.0.4326.1",
                      "versionStartIncluding": "15.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "16.0.4080.1",
                      "versionStartIncluding": "15.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-10-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-191",
                  "description": "CWE-191: Integer Underflow (Wrap or Wraparound)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-14T22:46:42.673Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36785"
            }
          ],
          "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-36785",
        "datePublished": "2023-10-10T17:08:10.995Z",
        "dateReserved": "2023-06-27T15:11:59.871Z",
        "dateUpdated": "2025-04-14T22:46:42.673Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-36730 (GCVE-0-2023-36730)

    Vulnerability from nvd – Published: 2023-10-10 17:07 – Updated: 2025-04-14 22:45
    VLAI
    Title
    Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
    Summary
    Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Date Public
    2023-10-10 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:52:54.089Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36730",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-26T21:50:10.793075Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-27T20:44:39.623Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2019 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.0.2104.1",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2022 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.1105.1",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.5.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.5.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.5.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.3.2.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.3.2.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.3.2.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2022 (CU 8)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.4080.1",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2019 (CU 22)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.0.4326.1",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "15.0.2104.1",
                      "versionStartIncluding": "15.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "16.0.1105.1",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.5.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.5.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.5.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.3.2.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.3.2.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.3.2.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "16.0.4080.1",
                      "versionStartIncluding": "15.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "15.0.4326.1",
                      "versionStartIncluding": "15.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-10-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-14T22:45:59.713Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730"
            }
          ],
          "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-36730",
        "datePublished": "2023-10-10T17:07:31.809Z",
        "dateReserved": "2023-06-26T13:29:45.604Z",
        "dateUpdated": "2025-04-14T22:45:59.713Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-36728 (GCVE-0-2023-36728)

    Vulnerability from nvd – Published: 2023-10-10 17:07 – Updated: 2025-04-14 22:46
    VLAI
    Title
    Microsoft SQL Server Denial of Service Vulnerability
    Summary
    Microsoft SQL Server Denial of Service Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft SQL Server 2019 (CU 22) Affected: 15.0.0 , < 15.0.4326.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2022 (CU 8) Affected: 15.0.0 , < 16.0.4080.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2017 (GDR) Affected: 14.0.0 , < 14.0.2052.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2014 Service Pack 3 (GDR) Affected: 12.0.0 , < 12.0.6179.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2014 Service Pack 3 (CU 4) Affected: 12.0.0 , < 12.0.6449.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2019 (GDR) Affected: 15.0.0 , < 15.0.2104.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2016 Service Pack 3 (GDR) Affected: 13.0.0 , < 13.0.6435.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack Affected: 13.0.0 , < 13.0.7029.3 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2017 (CU 31) Affected: 14.0.0 , < 14.0.3465.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2022 (GDR) Affected: 16.0.0 , < 16.0.1105.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft OLE DB Driver 19 for SQL Server Affected: 19.0.0 , < 19.3.0002.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft OLE DB Driver 18 for SQL Server Affected: 18.0.0 , < 18.6.0007.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 17 for SQL Server on Windows Affected: 17.0.0.0 , < 17.10.5.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 17 for SQL Server on Linux Affected: 17.0.0.0 , < 17.10.5.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 17 for SQL Server on MacOS Affected: 17.0.0.0 , < 17.10.5.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 18 for SQL Server on Windows Affected: 18.0.0.0 , < 18.3.2.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 18 for SQL Server on Linux Affected: 18.0.0.0 , < 18.3.2.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 18 for SQL Server on MacOS Affected: 18.0.0.0 , < 18.3.2.1 (custom)
    Create a notification for this product.
    Date Public
    2023-10-10 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:52:54.388Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Microsoft SQL Server Denial of Service Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36728"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36728",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-26T21:49:21.915063Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-27T20:44:34.088Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2019 (CU 22)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.0.4326.1",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2022 (CU 8)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.4080.1",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2017 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "14.0.2052.1",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems",
                "32-bit Systems"
              ],
              "product": "Microsoft SQL Server 2014 Service Pack 3 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "12.0.6179.1",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2014 Service Pack 3 (CU 4)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "12.0.6449.1",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2019 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.0.2104.1",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "13.0.6435.1",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "13.0.7029.3",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2017 (CU 31)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "14.0.3465.1",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2022 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.1105.1",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft OLE DB Driver 19 for SQL Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "19.3.0002.0",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft OLE DB Driver 18 for SQL Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.6.0007.0",
                  "status": "affected",
                  "version": "18.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.5.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.5.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.5.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.3.2.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.3.2.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.3.2.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "15.0.4326.1",
                      "versionStartIncluding": "15.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "16.0.4080.1",
                      "versionStartIncluding": "15.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*",
                      "versionEndExcluding": "14.0.2052.1",
                      "versionStartIncluding": "14.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x64:*",
                      "versionEndExcluding": "12.0.6179.1",
                      "versionStartIncluding": "12.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x86:*",
                      "versionEndExcluding": "12.0.6449.1",
                      "versionStartIncluding": "12.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "15.0.2104.1",
                      "versionStartIncluding": "15.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*",
                      "versionEndExcluding": "13.0.6435.1",
                      "versionStartIncluding": "13.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*",
                      "versionEndExcluding": "13.0.7029.3",
                      "versionStartIncluding": "13.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*",
                      "versionEndExcluding": "14.0.3465.1",
                      "versionStartIncluding": "14.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "16.0.1105.1",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "19.3.0002.0",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.6.0007.0",
                      "versionStartIncluding": "18.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.5.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.5.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.5.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.3.2.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.3.2.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.3.2.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-10-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft SQL Server Denial of Service Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125: Out-of-bounds Read",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-14T22:46:01.074Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft SQL Server Denial of Service Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36728"
            }
          ],
          "title": "Microsoft SQL Server Denial of Service Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-36728",
        "datePublished": "2023-10-10T17:07:32.864Z",
        "dateReserved": "2023-06-26T13:29:45.604Z",
        "dateUpdated": "2025-04-14T22:46:01.074Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-36420 (GCVE-0-2023-36420)

    Vulnerability from nvd – Published: 2023-10-10 17:08 – Updated: 2025-04-14 22:46
    VLAI
    Title
    Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
    Summary
    Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Date Public
    2023-10-10 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:45:56.785Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36420"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36420",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-26T21:49:51.647284Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-27T20:42:43.918Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2019 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.0.2104.1",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2022 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.1105.1",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.5.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.5.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.5.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.3.2.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.3.2.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.3.2.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2022 (CU 8)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.4080.1",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2019 (CU 22)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.0.4326.1",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "15.0.2104.1",
                      "versionStartIncluding": "15.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "16.0.1105.1",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.5.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.5.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.5.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.3.2.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.3.2.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.3.2.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "16.0.4080.1",
                      "versionStartIncluding": "15.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "15.0.4326.1",
                      "versionStartIncluding": "15.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-10-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-415",
                  "description": "CWE-415: Double Free",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-14T22:46:38.312Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36420"
            }
          ],
          "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-36420",
        "datePublished": "2023-10-10T17:08:06.283Z",
        "dateReserved": "2023-06-21T15:14:27.785Z",
        "dateUpdated": "2025-04-14T22:46:38.312Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-36417 (GCVE-0-2023-36417)

    Vulnerability from nvd – Published: 2023-10-10 17:08 – Updated: 2025-04-14 22:46
    VLAI
    Title
    Microsoft SQL OLE DB Remote Code Execution Vulnerability
    Summary
    Microsoft SQL OLE DB Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Date Public
    2023-10-10 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:45:57.103Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Microsoft SQL ODBC Driver Remote Code Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36417"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36417",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-26T21:49:50.389321Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-27T20:42:36.212Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2019 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.0.2104.1",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2022 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.1105.1",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft OLE DB Driver 19 for SQL Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "19.3.0002.0",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft OLE DB Driver 18 for SQL Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.6.0007.0",
                  "status": "affected",
                  "version": "18.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2022 (CU 8)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.4080.1",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2019 (CU 22)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.0.4326.1",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "15.0.2104.1",
                      "versionStartIncluding": "15.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "16.0.1105.1",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "19.3.0002.0",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.6.0007.0",
                      "versionStartIncluding": "18.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "16.0.4080.1",
                      "versionStartIncluding": "15.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "15.0.4326.1",
                      "versionStartIncluding": "15.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-10-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft SQL OLE DB Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-14T22:46:39.421Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft SQL OLE DB Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36417"
            }
          ],
          "title": "Microsoft SQL OLE DB Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-36417",
        "datePublished": "2023-10-10T17:08:07.327Z",
        "dateReserved": "2023-06-21T15:14:27.784Z",
        "dateUpdated": "2025-04-14T22:46:39.421Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38169 (GCVE-0-2023-38169)

    Vulnerability from nvd – Published: 2023-08-08 17:08 – Updated: 2025-02-27 21:07
    VLAI
    Title
    Microsoft SQL OLE DB Remote Code Execution Vulnerability
    Summary
    Microsoft SQL OLE DB Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Date Public
    2023-08-08 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:30:14.111Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Microsoft OLE DB Remote Code Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38169"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38169",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-26T21:53:47.232068Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-27T21:07:23.872Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft OLE DB Driver 19 for SQL Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "19.3.0001.0",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft OLE DB Driver 18 for SQL Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.6.0006.0",
                  "status": "affected",
                  "version": "18.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.2.1.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.4.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2022 (CU 5)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.4053.3",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.4.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.2.1.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2019 (CU 21)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.0.4316.3",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.4.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.2.2.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "19.3.0001.0",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.6.0006.0",
                      "versionStartIncluding": "18.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.2.1.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.4.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "16.0.4053.3",
                      "versionStartIncluding": "15.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.4.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.2.1.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "15.0.4316.3",
                      "versionStartIncluding": "15.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.4.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.2.2.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-08-08T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft SQL OLE DB Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416: Use After Free",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-01T01:59:01.894Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft SQL OLE DB Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38169"
            }
          ],
          "title": "Microsoft SQL OLE DB Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-38169",
        "datePublished": "2023-08-08T17:08:44.529Z",
        "dateReserved": "2023-07-12T23:41:45.863Z",
        "dateUpdated": "2025-02-27T21:07:23.872Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32028 (GCVE-0-2023-32028)

    Vulnerability from nvd – Published: 2023-06-16 00:44 – Updated: 2025-01-01 01:43
    VLAI
    Title
    Microsoft SQL OLE DB Remote Code Execution Vulnerability
    Summary
    Microsoft SQL OLE DB Remote Code Execution Vulnerability
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Date Public
    2023-06-15 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:03:28.848Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Microsoft OLE DB Remote Code Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32028"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft OLE DB Driver 19 for SQL Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "19.3.0001.0",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft OLE DB Driver 18 for SQL Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.6.0006.0",
                  "status": "affected",
                  "version": "18.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.11.33",
                  "status": "affected",
                  "version": "16.11.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.2.23",
                  "status": "affected",
                  "version": "17.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.4.15",
                  "status": "affected",
                  "version": "17.4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.11",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.4",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "19.3.0001.0",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.6.0006.0",
                      "versionStartIncluding": "18.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.11.33",
                      "versionStartIncluding": "16.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.2.23",
                      "versionStartIncluding": "17.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.4.15",
                      "versionStartIncluding": "17.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.11",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.4",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-06-15T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft SQL OLE DB Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-01T01:43:44.971Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft SQL OLE DB Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32028"
            }
          ],
          "title": "Microsoft SQL OLE DB Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-32028",
        "datePublished": "2023-06-16T00:44:30.155Z",
        "dateReserved": "2023-05-01T15:34:52.132Z",
        "dateUpdated": "2025-01-01T01:43:44.971Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32027 (GCVE-0-2023-32027)

    Vulnerability from nvd – Published: 2023-06-16 00:44 – Updated: 2025-02-28 21:08
    VLAI
    Title
    Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
    Summary
    Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft ODBC Driver 17 for SQL Server on Linux Affected: 17.0.0.0 , < 17.10.4.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 17 for SQL Server on Windows Affected: 17.0.0.0 , < 17.10.4.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 18 for SQL Server on Windows Affected: 18.0.0.0 , < 18.2.2.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 18 for SQL Server on MacOS Affected: 18.0.0.0 , < 18.2.1.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 17 for SQL Server on MacOS Affected: 17.0.0.0 , < 17.10.4.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 18 for SQL Server on Linux Affected: 18.0.0.0 , < 18.2.1.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Affected: 16.11.0 , < 16.11.33 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.2 Affected: 17.2.0 , < 17.2.23 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.4 Affected: 17.4.0 , < 17.4.15 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.6 Affected: 17.6.0 , < 17.6.11 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.8 Affected: 17.8.0 , < 17.8.4 (custom)
    Create a notification for this product.
    Date Public
    2023-06-15 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:03:28.681Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32027"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32027",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-28T20:20:54.895772Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-28T21:08:42.415Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.4.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.4.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.2.2.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.2.1.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.4.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.2.1.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.11.33",
                  "status": "affected",
                  "version": "16.11.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.2.23",
                  "status": "affected",
                  "version": "17.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.4.15",
                  "status": "affected",
                  "version": "17.4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.11",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.4",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.4.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.4.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.2.2.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.2.1.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.4.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.2.1.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.11.33",
                      "versionStartIncluding": "16.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.2.23",
                      "versionStartIncluding": "17.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.4.15",
                      "versionStartIncluding": "17.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.11",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.4",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-06-15T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-01T01:43:43.911Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32027"
            }
          ],
          "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-32027",
        "datePublished": "2023-06-16T00:44:29.549Z",
        "dateReserved": "2023-05-01T15:34:52.132Z",
        "dateUpdated": "2025-02-28T21:08:42.415Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32026 (GCVE-0-2023-32026)

    Vulnerability from nvd – Published: 2023-06-16 00:44 – Updated: 2025-02-28 21:08
    VLAI
    Title
    Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
    Summary
    Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft ODBC Driver 17 for SQL Server on MacOS Affected: 17.0.0.0 , < 17.10.4.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 17 for SQL Server on Linux Affected: 17.0.0.0 , < 17.10.4.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 18 for SQL Server on Linux Affected: 18.0.0.0 , < 18.2.1.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 18 for SQL Server on Windows Affected: 18.0.0.0 , < 18.2.2.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 18 for SQL Server on MacOS Affected: 18.0.0.0 , < 18.2.1.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 17 for SQL Server on Windows Affected: 17.0.0.0 , < 17.10.4.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Affected: 16.11.0 , < 16.11.33 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.2 Affected: 17.2.0 , < 17.2.23 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.4 Affected: 17.4.0 , < 17.4.15 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.6 Affected: 17.6.0 , < 17.6.11 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.8 Affected: 17.8.0 , < 17.8.4 (custom)
    Create a notification for this product.
    Date Public
    2023-06-15 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:03:28.617Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32026"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32026",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-28T20:20:57.572834Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-28T21:08:48.193Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.4.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.4.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.2.1.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.2.2.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.2.1.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.4.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.11.33",
                  "status": "affected",
                  "version": "16.11.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.2.23",
                  "status": "affected",
                  "version": "17.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.4.15",
                  "status": "affected",
                  "version": "17.4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.11",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.4",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.4.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.4.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.2.1.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.2.2.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.2.1.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.4.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.11.33",
                      "versionStartIncluding": "16.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.2.23",
                      "versionStartIncluding": "17.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.4.15",
                      "versionStartIncluding": "17.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.11",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.4",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-06-15T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-01T01:43:43.432Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32026"
            }
          ],
          "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-32026",
        "datePublished": "2023-06-16T00:44:29.037Z",
        "dateReserved": "2023-05-01T15:34:52.131Z",
        "dateUpdated": "2025-02-28T21:08:48.193Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32025 (GCVE-0-2023-32025)

    Vulnerability from nvd – Published: 2023-06-16 00:44 – Updated: 2025-02-28 21:08
    VLAI
    Title
    Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
    Summary
    Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft ODBC Driver 17 for SQL Server on Linux Affected: 17.0.0.0 , < 17.10.4.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 18 for SQL Server on MacOS Affected: 18.0.0.0 , < 18.2.1.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 17 for SQL Server on MacOS Affected: 17.0.0.0 , < 17.10.4.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 18 for SQL Server on Windows Affected: 18.0.0.0 , < 18.2.2.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 18 for SQL Server on Linux Affected: 18.0.0.0 , < 18.2.1.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 17 for SQL Server on Windows Affected: 17.0.0.0 , < 17.10.4.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Affected: 16.11.0 , < 16.11.33 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.2 Affected: 17.2.0 , < 17.2.23 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.4 Affected: 17.4.0 , < 17.4.15 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.6 Affected: 17.6.0 , < 17.6.11 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.8 Affected: 17.8.0 , < 17.8.4 (custom)
    Create a notification for this product.
    Date Public
    2023-06-15 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:03:28.785Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32025"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32025",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-28T20:21:00.289520Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-28T21:08:54.117Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.4.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.2.1.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.4.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.2.2.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.2.1.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.4.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.11.33",
                  "status": "affected",
                  "version": "16.11.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.2.23",
                  "status": "affected",
                  "version": "17.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.4.15",
                  "status": "affected",
                  "version": "17.4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.11",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.4",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.4.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.2.1.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.4.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.2.2.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.2.1.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.4.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.11.33",
                      "versionStartIncluding": "16.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.2.23",
                      "versionStartIncluding": "17.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.4.15",
                      "versionStartIncluding": "17.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.11",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.4",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-06-15T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-01T01:43:42.899Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32025"
            }
          ],
          "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-32025",
        "datePublished": "2023-06-16T00:44:28.480Z",
        "dateReserved": "2023-05-01T15:34:52.131Z",
        "dateUpdated": "2025-02-28T21:08:54.117Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-29356 (GCVE-0-2023-29356)

    Vulnerability from nvd – Published: 2023-06-16 00:44 – Updated: 2025-02-28 21:09
    VLAI
    Title
    Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
    Summary
    Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft ODBC Driver 17 for SQL Server on Linux Affected: 17.0.0.0 , < 17.10.4.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 18 for SQL Server on Linux Affected: 18.0.0.0 , < 18.2.1.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 17 for SQL Server on Windows Affected: 17.0.0.0 , < 17.10.4.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 18 for SQL Server on Windows Affected: 18.0.0.0 , < 18.2.2.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 17 for SQL Server on MacOS Affected: 17.0.0.0 , < 17.10.4.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 18 for SQL Server on MacOS Affected: 18.0.0.0 , < 18.2.1.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.2 Affected: 17.2.0 , < 17.2.23 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.4 Affected: 17.4.0 , < 17.4.15 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.6 Affected: 17.6.0 , < 17.6.11 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.8 Affected: 17.8.0 , < 17.8.4 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Affected: 16.11.0 , < 16.11.33 (custom)
    Create a notification for this product.
    Date Public
    2023-06-15 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:07:45.671Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29356"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-29356",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-28T20:21:02.994154Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-28T21:09:01.066Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.4.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.2.1.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.4.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.2.2.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.4.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.2.1.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.2.23",
                  "status": "affected",
                  "version": "17.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.4.15",
                  "status": "affected",
                  "version": "17.4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.11",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.4",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.11.33",
                  "status": "affected",
                  "version": "16.11.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.4.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.2.1.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.4.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.2.2.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.4.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.2.1.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.2.23",
                      "versionStartIncluding": "17.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.4.15",
                      "versionStartIncluding": "17.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.11",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.4",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.11.33",
                      "versionStartIncluding": "16.11.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-06-15T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416: Use After Free",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-01T01:43:42.064Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29356"
            }
          ],
          "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-29356",
        "datePublished": "2023-06-16T00:44:27.384Z",
        "dateReserved": "2023-04-04T22:34:18.384Z",
        "dateUpdated": "2025-02-28T21:09:01.066Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-29349 (GCVE-0-2023-29349)

    Vulnerability from nvd – Published: 2023-06-16 00:44 – Updated: 2025-02-28 21:08
    VLAI
    Title
    Microsoft ODBC and OLE DB Remote Code Execution Vulnerability
    Summary
    Microsoft ODBC and OLE DB Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-191 - Integer Underflow (Wrap or Wraparound)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft OLE DB Driver 18 for SQL Server Affected: 18.0.0 , < 18.6.0006.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft OLE DB Driver 19 for SQL Server Affected: 19.0.0 , < 19.3.0001.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Affected: 16.11.0 , < 16.11.33 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.2 Affected: 17.2.0 , < 17.2.23 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.4 Affected: 17.4.0 , < 17.4.15 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.6 Affected: 17.6.0 , < 17.6.11 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.8 Affected: 17.8.0 , < 17.8.4 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 18 for SQL Server on MacOS Affected: 18.0.0.0 , < 18.2.1.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 18 for SQL Server on Linux Affected: 18.0.0.0 , < 18.2.1.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 17 for SQL Server on MacOS Affected: 17.0.0.0 , < 17.10.4.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 17 for SQL Server on Linux Affected: 17.0.0.0 , < 17.10.4.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 18 for SQL Server on Windows Affected: 18.0.0.0 , < 18.2.2.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 17 for SQL Server on Windows Affected: 17.0.0.0 , < 17.10.4.1 (custom)
    Create a notification for this product.
    Date Public
    2023-06-15 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:07:45.660Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Microsoft ODBC and OLE DB Remote Code Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29349"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-29349",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-28T20:20:52.256646Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-28T21:08:36.270Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft OLE DB Driver 18 for SQL Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.6.0006.0",
                  "status": "affected",
                  "version": "18.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft OLE DB Driver 19 for SQL Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "19.3.0001.0",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.11.33",
                  "status": "affected",
                  "version": "16.11.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.2.23",
                  "status": "affected",
                  "version": "17.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.4.15",
                  "status": "affected",
                  "version": "17.4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.11",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.4",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.2.1.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.2.1.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.4.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.4.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.2.2.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.4.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.6.0006.0",
                      "versionStartIncluding": "18.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "19.3.0001.0",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.11.33",
                      "versionStartIncluding": "16.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.2.23",
                      "versionStartIncluding": "17.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.4.15",
                      "versionStartIncluding": "17.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.11",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.4",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.2.1.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.2.1.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.4.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.4.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.2.2.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.4.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-06-15T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft ODBC and OLE DB Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-191",
                  "description": "CWE-191: Integer Underflow (Wrap or Wraparound)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-01T01:43:44.451Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft ODBC and OLE DB Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29349"
            }
          ],
          "title": "Microsoft ODBC and OLE DB Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-29349",
        "datePublished": "2023-06-16T00:44:38.243Z",
        "dateReserved": "2023-04-04T22:34:18.382Z",
        "dateUpdated": "2025-02-28T21:08:36.270Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-23384 (GCVE-0-2023-23384)

    Vulnerability from nvd – Published: 2023-04-11 19:13 – Updated: 2025-01-23 01:04
    VLAI
    Title
    Microsoft SQL Server Remote Code Execution Vulnerability
    Summary
    Microsoft SQL Server Remote Code Execution Vulnerability
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft SQL Server 2008 Service Pack 4 (QFE) Affected: 10.0.0 , < 10.0.6814.4 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2012 Service Pack 4 (QFE) Affected: 11.0.0 , < 11.0.7512.11 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2012 for x64-based Systems Service Pack 4 (QFE) Affected: 11.0.0 , < 11.0.7512.11 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2017 (GDR) Affected: 14.0.0 , < 14.0.2047.8 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2008 R2 Service Pack 3 (QFE) Affected: 10.0.0 , < 10.50.6785.2 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2014 Service Pack 3 (GDR) Affected: 12.0.0 , < 12.0.6444.4 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2014 Service Pack 3 (CU 4) Affected: 12.0.0 , < 12.0.6174.8 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2019 (GDR) Affected: 15.0.0 , < 15.0.2101.7 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2016 Service Pack 3 (GDR) Affected: 13.0.0 , < 13.0.6430.49 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack Affected: 13.0.0 , < 13.0.7024.30 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2017 (CU 31) Affected: 14.0.0 , < 14.0.3460.9 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2019 (CU 18) Affected: 15.0.0 , < 15.0.4280.7 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2022 (GDR) Affected: 16.0.0 , < 16.0.1050.5 (custom)
    Create a notification for this product.
    Date Public
    2023-04-11 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:28:40.757Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Microsoft SQL Server Remote Code Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23384"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2008 Service Pack 4 (QFE)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.6814.4",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems"
              ],
              "product": "Microsoft SQL Server 2012 Service Pack 4 (QFE)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "11.0.7512.11",
                  "status": "affected",
                  "version": "11.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2012 for x64-based Systems Service Pack 4 (QFE)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "11.0.7512.11",
                  "status": "affected",
                  "version": "11.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2017 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "14.0.2047.8",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2008 R2 Service Pack 3 (QFE)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.50.6785.2",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems",
                "32-bit Systems"
              ],
              "product": "Microsoft SQL Server 2014 Service Pack 3 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "12.0.6444.4",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2014 Service Pack 3 (CU 4)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "12.0.6174.8",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2019 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.0.2101.7",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "13.0.6430.49",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "13.0.7024.30",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2017 (CU 31)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "14.0.3460.9",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2019 (CU 18)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.0.4280.7",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2022 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.1050.5",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp4:*:*:*:*:x86:*",
                      "versionEndExcluding": "10.0.6814.4",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp4:*:*:*:*:*:*",
                      "versionEndExcluding": "11.0.7512.11",
                      "versionStartIncluding": "11.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp4:*:*:*:*:*:*",
                      "versionEndExcluding": "11.0.7512.11",
                      "versionStartIncluding": "11.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*",
                      "versionEndExcluding": "14.0.2047.8",
                      "versionStartIncluding": "14.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:r2_sp2:x86:*:*:*:*:*",
                      "versionEndExcluding": "10.50.6785.2",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x64:*",
                      "versionEndExcluding": "12.0.6444.4",
                      "versionStartIncluding": "12.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x86:*",
                      "versionEndExcluding": "12.0.6174.8",
                      "versionStartIncluding": "12.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "15.0.2101.7",
                      "versionStartIncluding": "15.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*",
                      "versionEndExcluding": "13.0.6430.49",
                      "versionStartIncluding": "13.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*",
                      "versionEndExcluding": "13.0.7024.30",
                      "versionStartIncluding": "13.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*",
                      "versionEndExcluding": "14.0.3460.9",
                      "versionStartIncluding": "14.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "15.0.4280.7",
                      "versionStartIncluding": "15.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "16.0.1050.5",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-04-11T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft SQL Server Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-23T01:04:30.377Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft SQL Server Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23384"
            }
          ],
          "title": "Microsoft SQL Server Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-23384",
        "datePublished": "2023-04-11T19:13:12.381Z",
        "dateReserved": "2023-01-11T22:08:03.134Z",
        "dateUpdated": "2025-01-23T01:04:30.377Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-21718 (GCVE-0-2023-21718)

    Vulnerability from nvd – Published: 2023-02-14 19:32 – Updated: 2025-02-28 21:14
    VLAI
    Title
    Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
    Summary
    Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-191 - Integer Underflow (Wrap or Wraparound)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft SQL Server 2012 Service Pack 4 (QFE) Affected: 11.0.0 , < 11.0.7512.11 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2012 for x64-based Systems Service Pack 4 (QFE) Affected: 11.0.0 , < 11.0.7512.11 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2017 (GDR) Affected: 14.0.0 , < 14.0.2047.8 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2014 Service Pack 3 (GDR) Affected: 12.0.0 , < 12.0.6444.4 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2014 Service Pack 3 (CU 4) Affected: 12.0.0 , < 12.0.6174.8 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2019 (GDR) Affected: 15.0.0 , < 15.0.2101.7 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2016 Service Pack 3 (GDR) Affected: 13.0.0 , < 13.0.6430.49 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack Affected: 13.0.0 , < 13.0.7024.30 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2017 (CU 31) Affected: 14.0.0 , < 14.0.3460.9 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2022 (GDR) Affected: 16.0.0 , < 16.0.1050.5 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2019 (CU 18) Affected: 15.0.0 , < 15.0.4280.7 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2008 R2 Service Pack 3 (QFE) Affected: 10.0.0 , < 10.50.6785.2 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2008 Service Pack 4 (QFE) Affected: 10.0.0 , < 10.0.6814.4 (custom)
    Create a notification for this product.
    Date Public
    2023-02-14 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:51:49.438Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Microsoft SQL ODBC Driver Remote Code Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21718"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-21718",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-28T20:23:21.406080Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-28T21:14:13.286Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems"
              ],
              "product": "Microsoft SQL Server 2012 Service Pack 4 (QFE)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "11.0.7512.11",
                  "status": "affected",
                  "version": "11.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2012 for x64-based Systems Service Pack 4 (QFE)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "11.0.7512.11",
                  "status": "affected",
                  "version": "11.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2017 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "14.0.2047.8",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems",
                "32-bit Systems"
              ],
              "product": "Microsoft SQL Server 2014 Service Pack 3 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "12.0.6444.4",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2014 Service Pack 3 (CU 4)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "12.0.6174.8",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2019 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.0.2101.7",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "13.0.6430.49",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "13.0.7024.30",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2017 (CU 31)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "14.0.3460.9",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2022 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.1050.5",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2019 (CU 18)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.0.4280.7",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems",
                "32-bit Systems"
              ],
              "product": "Microsoft SQL Server 2008 R2 Service Pack 3 (QFE)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.50.6785.2",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2008 Service Pack 4 (QFE)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.6814.4",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp4:*:*:*:*:*:*",
                      "versionEndExcluding": "11.0.7512.11",
                      "versionStartIncluding": "11.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp4:*:*:*:*:*:*",
                      "versionEndExcluding": "11.0.7512.11",
                      "versionStartIncluding": "11.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*",
                      "versionEndExcluding": "14.0.2047.8",
                      "versionStartIncluding": "14.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x64:*",
                      "versionEndExcluding": "12.0.6444.4",
                      "versionStartIncluding": "12.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x86:*",
                      "versionEndExcluding": "12.0.6174.8",
                      "versionStartIncluding": "12.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "15.0.2101.7",
                      "versionStartIncluding": "15.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*",
                      "versionEndExcluding": "13.0.6430.49",
                      "versionStartIncluding": "13.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*",
                      "versionEndExcluding": "13.0.7024.30",
                      "versionStartIncluding": "13.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*",
                      "versionEndExcluding": "14.0.3460.9",
                      "versionStartIncluding": "14.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "16.0.1050.5",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "15.0.4280.7",
                      "versionStartIncluding": "15.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:r2_sp2:x64:*:*:*:*:*",
                      "versionEndExcluding": "10.50.6785.2",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp4:*:*:*:*:x86:*",
                      "versionEndExcluding": "10.0.6814.4",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-02-14T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-191",
                  "description": "CWE-191: Integer Underflow (Wrap or Wraparound)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-01T00:40:47.652Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21718"
            }
          ],
          "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-21718",
        "datePublished": "2023-02-14T19:32:46.111Z",
        "dateReserved": "2022-12-13T18:08:03.492Z",
        "dateUpdated": "2025-02-28T21:14:13.286Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-21713 (GCVE-0-2023-21713)

    Vulnerability from nvd – Published: 2023-02-14 19:33 – Updated: 2025-01-01 00:41
    VLAI
    Title
    Microsoft SQL Server Remote Code Execution Vulnerability
    Summary
    Microsoft SQL Server Remote Code Execution Vulnerability
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack Affected: 13.0.0 , < 13.0.7024.30 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2014 Service Pack 3 (CU 4) Affected: 12.0.0 , < 12.0.6174.8 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2014 Service Pack 3 (GDR) Affected: 12.0.0 , < 12.0.6444.4 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2019 (GDR) Affected: 15.0.0 , < 15.0.2101.7 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2016 Service Pack 3 (GDR) Affected: 13.0.0 , < 13.0.6430.49 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2012 Service Pack 4 (QFE) Affected: 11.0.0 , < 11.0.7512.11 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2012 for x64-based Systems Service Pack 4 (QFE) Affected: 11.0.0 , < 11.0.7512.11 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2017 (GDR) Affected: 14.0.0 , < 14.0.2047.8 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2019 (CU 18) Affected: 15.0.0 , < 15.0.4280.7 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2017 (CU 31) Affected: 14.0.0 , < 14.0.3460.9 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2022 (GDR) Affected: 16.0.0 , < 16.0.1050.5 (custom)
    Create a notification for this product.
    Date Public
    2023-02-14 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:44:02.495Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Microsoft SQL Server Remote Code Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21713"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "13.0.7024.30",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2014 Service Pack 3 (CU 4)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "12.0.6174.8",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2014 Service Pack 3 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "12.0.6444.4",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2019 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.0.2101.7",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "13.0.6430.49",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems"
              ],
              "product": "Microsoft SQL Server 2012 Service Pack 4 (QFE)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "11.0.7512.11",
                  "status": "affected",
                  "version": "11.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2012 for x64-based Systems Service Pack 4 (QFE)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "11.0.7512.11",
                  "status": "affected",
                  "version": "11.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2017 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "14.0.2047.8",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2019 (CU 18)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.0.4280.7",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2017 (CU 31)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "14.0.3460.9",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2022 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.1050.5",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*",
                      "versionEndExcluding": "13.0.7024.30",
                      "versionStartIncluding": "13.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x86:*",
                      "versionEndExcluding": "12.0.6174.8",
                      "versionStartIncluding": "12.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x86:*",
                      "versionEndExcluding": "12.0.6444.4",
                      "versionStartIncluding": "12.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "15.0.2101.7",
                      "versionStartIncluding": "15.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*",
                      "versionEndExcluding": "13.0.6430.49",
                      "versionStartIncluding": "13.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp4:*:*:*:*:*:*",
                      "versionEndExcluding": "11.0.7512.11",
                      "versionStartIncluding": "11.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp4:*:*:*:*:*:*",
                      "versionEndExcluding": "11.0.7512.11",
                      "versionStartIncluding": "11.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*",
                      "versionEndExcluding": "14.0.2047.8",
                      "versionStartIncluding": "14.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "15.0.4280.7",
                      "versionStartIncluding": "15.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*",
                      "versionEndExcluding": "14.0.3460.9",
                      "versionStartIncluding": "14.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "16.0.1050.5",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-02-14T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft SQL Server Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502: Deserialization of Untrusted Data",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-01T00:41:17.104Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft SQL Server Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21713"
            }
          ],
          "title": "Microsoft SQL Server Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-21713",
        "datePublished": "2023-02-14T19:33:42.806Z",
        "dateReserved": "2022-12-13T18:08:03.491Z",
        "dateUpdated": "2025-01-01T00:41:17.104Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-0056 (GCVE-0-2024-0056)

    Vulnerability from cvelistv5 – Published: 2024-01-09 17:56 – Updated: 2025-06-03 14:30
    VLAI
    Title
    Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability
    Summary
    Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft SQL Server 2022 (GDR) Affected: 16.0.0 , < 16.0.1110.1 (custom)
    Create a notification for this product.
    Microsoft .NET 6.0 Affected: 6.0.0 , < 6.0.26 (custom)
    Create a notification for this product.
    Microsoft .NET 7.0 Affected: 7.0.0 , < 7.0.15 (custom)
    Create a notification for this product.
    Microsoft .NET 8.0 Affected: 8.0 , < 8.0.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft.Data.SqlClient Affected: 2.0 , < 2.1.7 (custom)
    Create a notification for this product.
    Microsoft Microsoft.Data.SqlClient Affected: 3.0 , < 3.1.5 (custom)
    Create a notification for this product.
    Microsoft Microsoft.Data.SqlClient Affected: 4.0 , < 4.0.5 (custom)
    Create a notification for this product.
    Microsoft Microsoft.Data.SqlClient Affected: 5.0 , < 5.1.3 (custom)
    Create a notification for this product.
    Microsoft System.Data.SqlClient Affected: 1.0 , < 4.8.6 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.2 Affected: 17.2.0 , < 17.2.23 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.4 Affected: 17.4.0 , < 17.4.15 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.6 Affected: 17.6.0 , < 17.6.11 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.8 Affected: 17.8.0 , < 17.8.4 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2022 (CU 10) Affected: 0 , < 16.0.4100.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.8 Affected: 4.8.0 , < 4.8.04690.02 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.8 Affected: 4.8.0 , < 4.8.04690.02 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.7.2 Affected: 4.7.0 , < 4.7.04081.03 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 Affected: 4.7.0 , < 4.7.04081.02 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.8.1 Affected: 4.8.1 , < 4.8.09214.01 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 2.0 Service Pack 2 Affected: 2.0.0 , < 3.0.50727.8976 (custom)
    Create a notification for this product.
    Date Public
    2024-01-09 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T17:41:15.885Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0056"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0056",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-08T15:47:49.601673Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-03T14:30:31.644Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2022 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.1110.1",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 6.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.26",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 7.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.0.15",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 8.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.0.1",
                  "status": "affected",
                  "version": "8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft.Data.SqlClient",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.1.7",
                  "status": "affected",
                  "version": "2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft.Data.SqlClient",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "3.1.5",
                  "status": "affected",
                  "version": "3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft.Data.SqlClient",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.0.5",
                  "status": "affected",
                  "version": "4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft.Data.SqlClient",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "5.1.3",
                  "status": "affected",
                  "version": "5.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "System.Data.SqlClient",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.6",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.2.23",
                  "status": "affected",
                  "version": "17.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.4.15",
                  "status": "affected",
                  "version": "17.4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.11",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.4",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2022 (CU 10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.4100.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1607 for 32-bit Systems",
                "Windows 10 Version 1607 for x64-based Systems",
                "Windows Server 2016 (Server Core installation)",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
                "Windows Server 2016",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.04690.02",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows Server 2019",
                "Windows Server 2019 (Server Core installation)",
                "Windows Server 2022",
                "Windows Server 2022 (Server Core installation)",
                "Windows 11 version 21H2 for x64-based Systems",
                "Windows 11 version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.04690.02",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows 10 Version 1809 for ARM64-based Systems",
                "Windows Server 2019",
                "Windows Server 2019 (Server Core installation)",
                "Windows 10 Version 1607 for 32-bit Systems",
                "Windows Server 2016",
                "Windows 10 Version 1607 for x64-based Systems",
                "Windows Server 2016 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.04081.03",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2 (Server Core installation)",
                "Windows Server 2012 R2"
              ],
              "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.04081.02",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2022 (Server Core installation)",
                "Windows Server 2022",
                "Windows 11 version 21H2 for x64-based Systems",
                "Windows 11 version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 11 Version 22H2 for ARM64-based Systems",
                "Windows 11 Version 22H2 for x64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems",
                "Windows 11 Version 23H2 for ARM64-based Systems",
                "Windows Server 2022, 23H2 Edition (Server Core installation)",
                "Windows 11 Version 23H2 for x64-based Systems"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.09214.01",
                  "status": "affected",
                  "version": "4.8.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 for 32-bit Systems Service Pack 2",
                "Windows Server 2008 for x64-based Systems Service Pack 2"
              ],
              "product": "Microsoft .NET Framework 2.0 Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "3.0.50727.8976",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "16.0.1110.1",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.26",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.15",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.0.1",
                      "versionStartIncluding": "8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:data_sql_client:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.1.7",
                      "versionStartIncluding": "2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:data_sql_client:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.1.5",
                      "versionStartIncluding": "3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:data_sql_client:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.0.5",
                      "versionStartIncluding": "4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:data_sql_client:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.1.3",
                      "versionStartIncluding": "5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:System.Data.SqlClient:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.6",
                      "versionStartIncluding": "1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.2.23",
                      "versionStartIncluding": "17.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.4.15",
                      "versionStartIncluding": "17.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.11",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.4",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "16.0.4100.1",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.04690.02",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.04690.02",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.04081.03",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.04081.02",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.09214.01",
                      "versionStartIncluding": "4.8.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*",
                      "versionEndExcluding": "3.0.50727.8976",
                      "versionStartIncluding": "2.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2024-01-09T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319: Cleartext Transmission of Sensitive Information",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-03T01:46:55.272Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0056"
            }
          ],
          "title": "Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2024-0056",
        "datePublished": "2024-01-09T17:56:58.972Z",
        "dateReserved": "2023-11-22T17:43:06.743Z",
        "dateUpdated": "2025-06-03T14:30:31.644Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-36785 (GCVE-0-2023-36785)

    Vulnerability from cvelistv5 – Published: 2023-10-10 17:08 – Updated: 2025-04-14 22:46
    VLAI
    Title
    Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
    Summary
    Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-191 - Integer Underflow (Wrap or Wraparound)
    Assigner
    References
    Date Public
    2023-10-10 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:01:09.589Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36785"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36785",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-26T21:49:49.237869Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-27T20:42:30.756Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2019 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.0.2104.1",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2022 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.1105.1",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.5.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.5.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.5.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.3.2.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.3.2.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.3.2.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2019 (CU 22)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.0.4326.1",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2022 (CU 8)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.4080.1",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "15.0.2104.1",
                      "versionStartIncluding": "15.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "16.0.1105.1",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.5.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.5.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.5.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.3.2.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.3.2.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.3.2.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "15.0.4326.1",
                      "versionStartIncluding": "15.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "16.0.4080.1",
                      "versionStartIncluding": "15.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-10-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-191",
                  "description": "CWE-191: Integer Underflow (Wrap or Wraparound)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-14T22:46:42.673Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36785"
            }
          ],
          "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-36785",
        "datePublished": "2023-10-10T17:08:10.995Z",
        "dateReserved": "2023-06-27T15:11:59.871Z",
        "dateUpdated": "2025-04-14T22:46:42.673Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-36417 (GCVE-0-2023-36417)

    Vulnerability from cvelistv5 – Published: 2023-10-10 17:08 – Updated: 2025-04-14 22:46
    VLAI
    Title
    Microsoft SQL OLE DB Remote Code Execution Vulnerability
    Summary
    Microsoft SQL OLE DB Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Date Public
    2023-10-10 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:45:57.103Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Microsoft SQL ODBC Driver Remote Code Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36417"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36417",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-26T21:49:50.389321Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-27T20:42:36.212Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2019 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.0.2104.1",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2022 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.1105.1",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft OLE DB Driver 19 for SQL Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "19.3.0002.0",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft OLE DB Driver 18 for SQL Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.6.0007.0",
                  "status": "affected",
                  "version": "18.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2022 (CU 8)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.4080.1",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2019 (CU 22)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.0.4326.1",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "15.0.2104.1",
                      "versionStartIncluding": "15.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "16.0.1105.1",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "19.3.0002.0",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.6.0007.0",
                      "versionStartIncluding": "18.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "16.0.4080.1",
                      "versionStartIncluding": "15.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "15.0.4326.1",
                      "versionStartIncluding": "15.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-10-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft SQL OLE DB Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-14T22:46:39.421Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft SQL OLE DB Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36417"
            }
          ],
          "title": "Microsoft SQL OLE DB Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-36417",
        "datePublished": "2023-10-10T17:08:07.327Z",
        "dateReserved": "2023-06-21T15:14:27.784Z",
        "dateUpdated": "2025-04-14T22:46:39.421Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-36420 (GCVE-0-2023-36420)

    Vulnerability from cvelistv5 – Published: 2023-10-10 17:08 – Updated: 2025-04-14 22:46
    VLAI
    Title
    Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
    Summary
    Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Date Public
    2023-10-10 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:45:56.785Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36420"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36420",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-26T21:49:51.647284Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-27T20:42:43.918Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2019 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.0.2104.1",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2022 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.1105.1",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.5.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.5.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.5.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.3.2.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.3.2.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.3.2.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2022 (CU 8)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.4080.1",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2019 (CU 22)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.0.4326.1",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "15.0.2104.1",
                      "versionStartIncluding": "15.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "16.0.1105.1",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.5.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.5.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.5.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.3.2.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.3.2.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.3.2.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "16.0.4080.1",
                      "versionStartIncluding": "15.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "15.0.4326.1",
                      "versionStartIncluding": "15.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-10-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-415",
                  "description": "CWE-415: Double Free",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-14T22:46:38.312Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36420"
            }
          ],
          "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-36420",
        "datePublished": "2023-10-10T17:08:06.283Z",
        "dateReserved": "2023-06-21T15:14:27.785Z",
        "dateUpdated": "2025-04-14T22:46:38.312Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-36728 (GCVE-0-2023-36728)

    Vulnerability from cvelistv5 – Published: 2023-10-10 17:07 – Updated: 2025-04-14 22:46
    VLAI
    Title
    Microsoft SQL Server Denial of Service Vulnerability
    Summary
    Microsoft SQL Server Denial of Service Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft SQL Server 2019 (CU 22) Affected: 15.0.0 , < 15.0.4326.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2022 (CU 8) Affected: 15.0.0 , < 16.0.4080.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2017 (GDR) Affected: 14.0.0 , < 14.0.2052.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2014 Service Pack 3 (GDR) Affected: 12.0.0 , < 12.0.6179.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2014 Service Pack 3 (CU 4) Affected: 12.0.0 , < 12.0.6449.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2019 (GDR) Affected: 15.0.0 , < 15.0.2104.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2016 Service Pack 3 (GDR) Affected: 13.0.0 , < 13.0.6435.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack Affected: 13.0.0 , < 13.0.7029.3 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2017 (CU 31) Affected: 14.0.0 , < 14.0.3465.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2022 (GDR) Affected: 16.0.0 , < 16.0.1105.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft OLE DB Driver 19 for SQL Server Affected: 19.0.0 , < 19.3.0002.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft OLE DB Driver 18 for SQL Server Affected: 18.0.0 , < 18.6.0007.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 17 for SQL Server on Windows Affected: 17.0.0.0 , < 17.10.5.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 17 for SQL Server on Linux Affected: 17.0.0.0 , < 17.10.5.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 17 for SQL Server on MacOS Affected: 17.0.0.0 , < 17.10.5.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 18 for SQL Server on Windows Affected: 18.0.0.0 , < 18.3.2.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 18 for SQL Server on Linux Affected: 18.0.0.0 , < 18.3.2.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 18 for SQL Server on MacOS Affected: 18.0.0.0 , < 18.3.2.1 (custom)
    Create a notification for this product.
    Date Public
    2023-10-10 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:52:54.388Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Microsoft SQL Server Denial of Service Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36728"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36728",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-26T21:49:21.915063Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-27T20:44:34.088Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2019 (CU 22)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.0.4326.1",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2022 (CU 8)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.4080.1",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2017 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "14.0.2052.1",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems",
                "32-bit Systems"
              ],
              "product": "Microsoft SQL Server 2014 Service Pack 3 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "12.0.6179.1",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2014 Service Pack 3 (CU 4)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "12.0.6449.1",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2019 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.0.2104.1",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "13.0.6435.1",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "13.0.7029.3",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2017 (CU 31)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "14.0.3465.1",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2022 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.1105.1",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft OLE DB Driver 19 for SQL Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "19.3.0002.0",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft OLE DB Driver 18 for SQL Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.6.0007.0",
                  "status": "affected",
                  "version": "18.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.5.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.5.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.5.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.3.2.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.3.2.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.3.2.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "15.0.4326.1",
                      "versionStartIncluding": "15.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "16.0.4080.1",
                      "versionStartIncluding": "15.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*",
                      "versionEndExcluding": "14.0.2052.1",
                      "versionStartIncluding": "14.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x64:*",
                      "versionEndExcluding": "12.0.6179.1",
                      "versionStartIncluding": "12.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x86:*",
                      "versionEndExcluding": "12.0.6449.1",
                      "versionStartIncluding": "12.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "15.0.2104.1",
                      "versionStartIncluding": "15.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*",
                      "versionEndExcluding": "13.0.6435.1",
                      "versionStartIncluding": "13.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*",
                      "versionEndExcluding": "13.0.7029.3",
                      "versionStartIncluding": "13.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*",
                      "versionEndExcluding": "14.0.3465.1",
                      "versionStartIncluding": "14.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "16.0.1105.1",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "19.3.0002.0",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.6.0007.0",
                      "versionStartIncluding": "18.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.5.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.5.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.5.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.3.2.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.3.2.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.3.2.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-10-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft SQL Server Denial of Service Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125: Out-of-bounds Read",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-14T22:46:01.074Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft SQL Server Denial of Service Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36728"
            }
          ],
          "title": "Microsoft SQL Server Denial of Service Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-36728",
        "datePublished": "2023-10-10T17:07:32.864Z",
        "dateReserved": "2023-06-26T13:29:45.604Z",
        "dateUpdated": "2025-04-14T22:46:01.074Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-36730 (GCVE-0-2023-36730)

    Vulnerability from cvelistv5 – Published: 2023-10-10 17:07 – Updated: 2025-04-14 22:45
    VLAI
    Title
    Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
    Summary
    Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Date Public
    2023-10-10 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:52:54.089Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36730",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-26T21:50:10.793075Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-27T20:44:39.623Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2019 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.0.2104.1",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2022 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.1105.1",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.5.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.5.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.5.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.3.2.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.3.2.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.3.2.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2022 (CU 8)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.4080.1",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2019 (CU 22)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.0.4326.1",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "15.0.2104.1",
                      "versionStartIncluding": "15.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "16.0.1105.1",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.5.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.5.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.5.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.3.2.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.3.2.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.3.2.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "16.0.4080.1",
                      "versionStartIncluding": "15.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "15.0.4326.1",
                      "versionStartIncluding": "15.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-10-10T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-14T22:45:59.713Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730"
            }
          ],
          "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-36730",
        "datePublished": "2023-10-10T17:07:31.809Z",
        "dateReserved": "2023-06-26T13:29:45.604Z",
        "dateUpdated": "2025-04-14T22:45:59.713Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38169 (GCVE-0-2023-38169)

    Vulnerability from cvelistv5 – Published: 2023-08-08 17:08 – Updated: 2025-02-27 21:07
    VLAI
    Title
    Microsoft SQL OLE DB Remote Code Execution Vulnerability
    Summary
    Microsoft SQL OLE DB Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Date Public
    2023-08-08 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:30:14.111Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Microsoft OLE DB Remote Code Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38169"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38169",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-26T21:53:47.232068Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-27T21:07:23.872Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft OLE DB Driver 19 for SQL Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "19.3.0001.0",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft OLE DB Driver 18 for SQL Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.6.0006.0",
                  "status": "affected",
                  "version": "18.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.2.1.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.4.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2022 (CU 5)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.4053.3",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.4.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.2.1.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2019 (CU 21)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.0.4316.3",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.4.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.2.2.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "19.3.0001.0",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.6.0006.0",
                      "versionStartIncluding": "18.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.2.1.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.4.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "16.0.4053.3",
                      "versionStartIncluding": "15.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.4.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.2.1.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "15.0.4316.3",
                      "versionStartIncluding": "15.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.4.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.2.2.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-08-08T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft SQL OLE DB Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416: Use After Free",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-01T01:59:01.894Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft SQL OLE DB Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38169"
            }
          ],
          "title": "Microsoft SQL OLE DB Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-38169",
        "datePublished": "2023-08-08T17:08:44.529Z",
        "dateReserved": "2023-07-12T23:41:45.863Z",
        "dateUpdated": "2025-02-27T21:07:23.872Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-29349 (GCVE-0-2023-29349)

    Vulnerability from cvelistv5 – Published: 2023-06-16 00:44 – Updated: 2025-02-28 21:08
    VLAI
    Title
    Microsoft ODBC and OLE DB Remote Code Execution Vulnerability
    Summary
    Microsoft ODBC and OLE DB Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-191 - Integer Underflow (Wrap or Wraparound)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft OLE DB Driver 18 for SQL Server Affected: 18.0.0 , < 18.6.0006.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft OLE DB Driver 19 for SQL Server Affected: 19.0.0 , < 19.3.0001.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Affected: 16.11.0 , < 16.11.33 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.2 Affected: 17.2.0 , < 17.2.23 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.4 Affected: 17.4.0 , < 17.4.15 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.6 Affected: 17.6.0 , < 17.6.11 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.8 Affected: 17.8.0 , < 17.8.4 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 18 for SQL Server on MacOS Affected: 18.0.0.0 , < 18.2.1.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 18 for SQL Server on Linux Affected: 18.0.0.0 , < 18.2.1.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 17 for SQL Server on MacOS Affected: 17.0.0.0 , < 17.10.4.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 17 for SQL Server on Linux Affected: 17.0.0.0 , < 17.10.4.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 18 for SQL Server on Windows Affected: 18.0.0.0 , < 18.2.2.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 17 for SQL Server on Windows Affected: 17.0.0.0 , < 17.10.4.1 (custom)
    Create a notification for this product.
    Date Public
    2023-06-15 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:07:45.660Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Microsoft ODBC and OLE DB Remote Code Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29349"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-29349",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-28T20:20:52.256646Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-28T21:08:36.270Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft OLE DB Driver 18 for SQL Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.6.0006.0",
                  "status": "affected",
                  "version": "18.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft OLE DB Driver 19 for SQL Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "19.3.0001.0",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.11.33",
                  "status": "affected",
                  "version": "16.11.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.2.23",
                  "status": "affected",
                  "version": "17.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.4.15",
                  "status": "affected",
                  "version": "17.4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.11",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.4",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.2.1.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.2.1.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.4.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.4.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.2.2.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.4.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.6.0006.0",
                      "versionStartIncluding": "18.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "19.3.0001.0",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.11.33",
                      "versionStartIncluding": "16.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.2.23",
                      "versionStartIncluding": "17.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.4.15",
                      "versionStartIncluding": "17.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.11",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.4",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.2.1.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.2.1.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.4.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.4.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.2.2.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.4.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-06-15T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft ODBC and OLE DB Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-191",
                  "description": "CWE-191: Integer Underflow (Wrap or Wraparound)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-01T01:43:44.451Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft ODBC and OLE DB Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29349"
            }
          ],
          "title": "Microsoft ODBC and OLE DB Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-29349",
        "datePublished": "2023-06-16T00:44:38.243Z",
        "dateReserved": "2023-04-04T22:34:18.382Z",
        "dateUpdated": "2025-02-28T21:08:36.270Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32028 (GCVE-0-2023-32028)

    Vulnerability from cvelistv5 – Published: 2023-06-16 00:44 – Updated: 2025-01-01 01:43
    VLAI
    Title
    Microsoft SQL OLE DB Remote Code Execution Vulnerability
    Summary
    Microsoft SQL OLE DB Remote Code Execution Vulnerability
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Date Public
    2023-06-15 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:03:28.848Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Microsoft OLE DB Remote Code Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32028"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft OLE DB Driver 19 for SQL Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "19.3.0001.0",
                  "status": "affected",
                  "version": "19.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft OLE DB Driver 18 for SQL Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.6.0006.0",
                  "status": "affected",
                  "version": "18.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.11.33",
                  "status": "affected",
                  "version": "16.11.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.2.23",
                  "status": "affected",
                  "version": "17.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.4.15",
                  "status": "affected",
                  "version": "17.4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.11",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.4",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "19.3.0001.0",
                      "versionStartIncluding": "19.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.6.0006.0",
                      "versionStartIncluding": "18.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.11.33",
                      "versionStartIncluding": "16.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.2.23",
                      "versionStartIncluding": "17.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.4.15",
                      "versionStartIncluding": "17.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.11",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.4",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-06-15T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft SQL OLE DB Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-01T01:43:44.971Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft SQL OLE DB Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32028"
            }
          ],
          "title": "Microsoft SQL OLE DB Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-32028",
        "datePublished": "2023-06-16T00:44:30.155Z",
        "dateReserved": "2023-05-01T15:34:52.132Z",
        "dateUpdated": "2025-01-01T01:43:44.971Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32027 (GCVE-0-2023-32027)

    Vulnerability from cvelistv5 – Published: 2023-06-16 00:44 – Updated: 2025-02-28 21:08
    VLAI
    Title
    Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
    Summary
    Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft ODBC Driver 17 for SQL Server on Linux Affected: 17.0.0.0 , < 17.10.4.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 17 for SQL Server on Windows Affected: 17.0.0.0 , < 17.10.4.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 18 for SQL Server on Windows Affected: 18.0.0.0 , < 18.2.2.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 18 for SQL Server on MacOS Affected: 18.0.0.0 , < 18.2.1.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 17 for SQL Server on MacOS Affected: 17.0.0.0 , < 17.10.4.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 18 for SQL Server on Linux Affected: 18.0.0.0 , < 18.2.1.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Affected: 16.11.0 , < 16.11.33 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.2 Affected: 17.2.0 , < 17.2.23 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.4 Affected: 17.4.0 , < 17.4.15 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.6 Affected: 17.6.0 , < 17.6.11 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.8 Affected: 17.8.0 , < 17.8.4 (custom)
    Create a notification for this product.
    Date Public
    2023-06-15 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:03:28.681Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32027"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32027",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-28T20:20:54.895772Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-28T21:08:42.415Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.4.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.4.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.2.2.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.2.1.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.4.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.2.1.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.11.33",
                  "status": "affected",
                  "version": "16.11.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.2.23",
                  "status": "affected",
                  "version": "17.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.4.15",
                  "status": "affected",
                  "version": "17.4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.11",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.4",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.4.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.4.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.2.2.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.2.1.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.4.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.2.1.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.11.33",
                      "versionStartIncluding": "16.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.2.23",
                      "versionStartIncluding": "17.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.4.15",
                      "versionStartIncluding": "17.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.11",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.4",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-06-15T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-01T01:43:43.911Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32027"
            }
          ],
          "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-32027",
        "datePublished": "2023-06-16T00:44:29.549Z",
        "dateReserved": "2023-05-01T15:34:52.132Z",
        "dateUpdated": "2025-02-28T21:08:42.415Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32026 (GCVE-0-2023-32026)

    Vulnerability from cvelistv5 – Published: 2023-06-16 00:44 – Updated: 2025-02-28 21:08
    VLAI
    Title
    Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
    Summary
    Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft ODBC Driver 17 for SQL Server on MacOS Affected: 17.0.0.0 , < 17.10.4.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 17 for SQL Server on Linux Affected: 17.0.0.0 , < 17.10.4.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 18 for SQL Server on Linux Affected: 18.0.0.0 , < 18.2.1.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 18 for SQL Server on Windows Affected: 18.0.0.0 , < 18.2.2.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 18 for SQL Server on MacOS Affected: 18.0.0.0 , < 18.2.1.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 17 for SQL Server on Windows Affected: 17.0.0.0 , < 17.10.4.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Affected: 16.11.0 , < 16.11.33 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.2 Affected: 17.2.0 , < 17.2.23 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.4 Affected: 17.4.0 , < 17.4.15 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.6 Affected: 17.6.0 , < 17.6.11 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.8 Affected: 17.8.0 , < 17.8.4 (custom)
    Create a notification for this product.
    Date Public
    2023-06-15 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:03:28.617Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32026"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32026",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-28T20:20:57.572834Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-28T21:08:48.193Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.4.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.4.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.2.1.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.2.2.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.2.1.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.4.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.11.33",
                  "status": "affected",
                  "version": "16.11.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.2.23",
                  "status": "affected",
                  "version": "17.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.4.15",
                  "status": "affected",
                  "version": "17.4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.11",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.4",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.4.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.4.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.2.1.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.2.2.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.2.1.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.4.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.11.33",
                      "versionStartIncluding": "16.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.2.23",
                      "versionStartIncluding": "17.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.4.15",
                      "versionStartIncluding": "17.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.11",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.4",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-06-15T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-01T01:43:43.432Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32026"
            }
          ],
          "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-32026",
        "datePublished": "2023-06-16T00:44:29.037Z",
        "dateReserved": "2023-05-01T15:34:52.131Z",
        "dateUpdated": "2025-02-28T21:08:48.193Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32025 (GCVE-0-2023-32025)

    Vulnerability from cvelistv5 – Published: 2023-06-16 00:44 – Updated: 2025-02-28 21:08
    VLAI
    Title
    Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
    Summary
    Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft ODBC Driver 17 for SQL Server on Linux Affected: 17.0.0.0 , < 17.10.4.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 18 for SQL Server on MacOS Affected: 18.0.0.0 , < 18.2.1.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 17 for SQL Server on MacOS Affected: 17.0.0.0 , < 17.10.4.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 18 for SQL Server on Windows Affected: 18.0.0.0 , < 18.2.2.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 18 for SQL Server on Linux Affected: 18.0.0.0 , < 18.2.1.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 17 for SQL Server on Windows Affected: 17.0.0.0 , < 17.10.4.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Affected: 16.11.0 , < 16.11.33 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.2 Affected: 17.2.0 , < 17.2.23 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.4 Affected: 17.4.0 , < 17.4.15 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.6 Affected: 17.6.0 , < 17.6.11 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.8 Affected: 17.8.0 , < 17.8.4 (custom)
    Create a notification for this product.
    Date Public
    2023-06-15 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:03:28.785Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32025"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32025",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-28T20:21:00.289520Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-28T21:08:54.117Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.4.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.2.1.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.4.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.2.2.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.2.1.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.4.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.11.33",
                  "status": "affected",
                  "version": "16.11.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.2.23",
                  "status": "affected",
                  "version": "17.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.4.15",
                  "status": "affected",
                  "version": "17.4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.11",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.4",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.4.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.2.1.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.4.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.2.2.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.2.1.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.4.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.11.33",
                      "versionStartIncluding": "16.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.2.23",
                      "versionStartIncluding": "17.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.4.15",
                      "versionStartIncluding": "17.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.11",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.4",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-06-15T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-01T01:43:42.899Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32025"
            }
          ],
          "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-32025",
        "datePublished": "2023-06-16T00:44:28.480Z",
        "dateReserved": "2023-05-01T15:34:52.131Z",
        "dateUpdated": "2025-02-28T21:08:54.117Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-29356 (GCVE-0-2023-29356)

    Vulnerability from cvelistv5 – Published: 2023-06-16 00:44 – Updated: 2025-02-28 21:09
    VLAI
    Title
    Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
    Summary
    Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft ODBC Driver 17 for SQL Server on Linux Affected: 17.0.0.0 , < 17.10.4.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 18 for SQL Server on Linux Affected: 18.0.0.0 , < 18.2.1.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 17 for SQL Server on Windows Affected: 17.0.0.0 , < 17.10.4.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 18 for SQL Server on Windows Affected: 18.0.0.0 , < 18.2.2.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 17 for SQL Server on MacOS Affected: 17.0.0.0 , < 17.10.4.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft ODBC Driver 18 for SQL Server on MacOS Affected: 18.0.0.0 , < 18.2.1.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.2 Affected: 17.2.0 , < 17.2.23 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.4 Affected: 17.4.0 , < 17.4.15 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.6 Affected: 17.6.0 , < 17.6.11 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.8 Affected: 17.8.0 , < 17.8.4 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Affected: 16.11.0 , < 16.11.33 (custom)
    Create a notification for this product.
    Date Public
    2023-06-15 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:07:45.671Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29356"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-29356",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-28T20:21:02.994154Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-28T21:09:01.066Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.4.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.2.1.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.4.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.2.2.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.10.4.1",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "18.2.1.1",
                  "status": "affected",
                  "version": "18.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.2.23",
                  "status": "affected",
                  "version": "17.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.4.15",
                  "status": "affected",
                  "version": "17.4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.11",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.8.4",
                  "status": "affected",
                  "version": "17.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.11.33",
                  "status": "affected",
                  "version": "16.11.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.4.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.2.1.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.4.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.2.2.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.10.4.1",
                      "versionStartIncluding": "17.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "18.2.1.1",
                      "versionStartIncluding": "18.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.2.23",
                      "versionStartIncluding": "17.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.4.15",
                      "versionStartIncluding": "17.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.11",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.8.4",
                      "versionStartIncluding": "17.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.11.33",
                      "versionStartIncluding": "16.11.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-06-15T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416: Use After Free",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-01T01:43:42.064Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29356"
            }
          ],
          "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-29356",
        "datePublished": "2023-06-16T00:44:27.384Z",
        "dateReserved": "2023-04-04T22:34:18.384Z",
        "dateUpdated": "2025-02-28T21:09:01.066Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-23384 (GCVE-0-2023-23384)

    Vulnerability from cvelistv5 – Published: 2023-04-11 19:13 – Updated: 2025-01-23 01:04
    VLAI
    Title
    Microsoft SQL Server Remote Code Execution Vulnerability
    Summary
    Microsoft SQL Server Remote Code Execution Vulnerability
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft SQL Server 2008 Service Pack 4 (QFE) Affected: 10.0.0 , < 10.0.6814.4 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2012 Service Pack 4 (QFE) Affected: 11.0.0 , < 11.0.7512.11 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2012 for x64-based Systems Service Pack 4 (QFE) Affected: 11.0.0 , < 11.0.7512.11 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2017 (GDR) Affected: 14.0.0 , < 14.0.2047.8 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2008 R2 Service Pack 3 (QFE) Affected: 10.0.0 , < 10.50.6785.2 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2014 Service Pack 3 (GDR) Affected: 12.0.0 , < 12.0.6444.4 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2014 Service Pack 3 (CU 4) Affected: 12.0.0 , < 12.0.6174.8 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2019 (GDR) Affected: 15.0.0 , < 15.0.2101.7 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2016 Service Pack 3 (GDR) Affected: 13.0.0 , < 13.0.6430.49 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack Affected: 13.0.0 , < 13.0.7024.30 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2017 (CU 31) Affected: 14.0.0 , < 14.0.3460.9 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2019 (CU 18) Affected: 15.0.0 , < 15.0.4280.7 (custom)
    Create a notification for this product.
    Microsoft Microsoft SQL Server 2022 (GDR) Affected: 16.0.0 , < 16.0.1050.5 (custom)
    Create a notification for this product.
    Date Public
    2023-04-11 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:28:40.757Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Microsoft SQL Server Remote Code Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23384"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2008 Service Pack 4 (QFE)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.6814.4",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems"
              ],
              "product": "Microsoft SQL Server 2012 Service Pack 4 (QFE)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "11.0.7512.11",
                  "status": "affected",
                  "version": "11.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2012 for x64-based Systems Service Pack 4 (QFE)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "11.0.7512.11",
                  "status": "affected",
                  "version": "11.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2017 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "14.0.2047.8",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2008 R2 Service Pack 3 (QFE)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.50.6785.2",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems",
                "32-bit Systems"
              ],
              "product": "Microsoft SQL Server 2014 Service Pack 3 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "12.0.6444.4",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2014 Service Pack 3 (CU 4)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "12.0.6174.8",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2019 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.0.2101.7",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "13.0.6430.49",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "13.0.7024.30",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2017 (CU 31)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "14.0.3460.9",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2019 (CU 18)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.0.4280.7",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2022 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.1050.5",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp4:*:*:*:*:x86:*",
                      "versionEndExcluding": "10.0.6814.4",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp4:*:*:*:*:*:*",
                      "versionEndExcluding": "11.0.7512.11",
                      "versionStartIncluding": "11.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp4:*:*:*:*:*:*",
                      "versionEndExcluding": "11.0.7512.11",
                      "versionStartIncluding": "11.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*",
                      "versionEndExcluding": "14.0.2047.8",
                      "versionStartIncluding": "14.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:r2_sp2:x86:*:*:*:*:*",
                      "versionEndExcluding": "10.50.6785.2",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x64:*",
                      "versionEndExcluding": "12.0.6444.4",
                      "versionStartIncluding": "12.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x86:*",
                      "versionEndExcluding": "12.0.6174.8",
                      "versionStartIncluding": "12.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "15.0.2101.7",
                      "versionStartIncluding": "15.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*",
                      "versionEndExcluding": "13.0.6430.49",
                      "versionStartIncluding": "13.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*",
                      "versionEndExcluding": "13.0.7024.30",
                      "versionStartIncluding": "13.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*",
                      "versionEndExcluding": "14.0.3460.9",
                      "versionStartIncluding": "14.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "15.0.4280.7",
                      "versionStartIncluding": "15.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "16.0.1050.5",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-04-11T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft SQL Server Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-23T01:04:30.377Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft SQL Server Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23384"
            }
          ],
          "title": "Microsoft SQL Server Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-23384",
        "datePublished": "2023-04-11T19:13:12.381Z",
        "dateReserved": "2023-01-11T22:08:03.134Z",
        "dateUpdated": "2025-01-23T01:04:30.377Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }