CVE-2023-38169: SQL Server OLE DB RCE Vulnerability
CVE-2023-38169 Published on August 8, 2023

Microsoft SQL OLE DB Remote Code Execution Vulnerability
Microsoft SQL OLE DB Remote Code Execution Vulnerability

Vendor Advisory NVD

Weakness Type

What is a Dangling pointer Vulnerability?

Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

CVE-2023-38169 has been classified to as a Dangling pointer vulnerability or weakness.

Products Associated with CVE-2023-38169

Want to know whenever a new CVE is published for Microsoft products? stack.watch will email you.

Microsoft SQL Server

Microsoft Odbc Driver For Sql Server

Microsoft Ole Db Driver For Sql Server

Affected Versions

Microsoft OLE DB Driver 19 for SQL Server:

Version 19.0.0 and below 19.3.0001.0 is affected.

Microsoft OLE DB Driver 18 for SQL Server:

Version 18.0.0 and below 18.6.0006.0 is affected.

Microsoft ODBC Driver 18 for SQL Server on Linux:

Version 18.0.0.0 and below 18.2.1.1 is affected.

Microsoft ODBC Driver 17 for SQL Server on MacOS:

Version 17.0.0.0 and below 17.10.4.1 is affected.

Microsoft SQL Server 2022 (CU 5):

Version 15.0.0 and below 16.0.4053.3 is affected.

Microsoft ODBC Driver 17 for SQL Server on Linux:

Version 17.0.0.0 and below 17.10.4.1 is affected.

Microsoft ODBC Driver 18 for SQL Server on MacOS:

Version 18.0.0.0 and below 18.2.1.1 is affected.

Microsoft SQL Server 2019 (CU 21):

Version 15.0.0 and below 15.0.4316.3 is affected.

Microsoft ODBC Driver 17 for SQL Server on Windows:

Version 17.0.0.0 and below 17.10.4.1 is affected.

Microsoft ODBC Driver 18 for SQL Server on Windows:

Version 18.0.0.0 and below 18.2.2.1 is affected.

Exploit Probability

EPSS

0.38%

Percentile

59.04%