Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21303 Published on July 9, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Vendor Advisory NVD

Weakness Type

What is a Dangling pointer Vulnerability?

Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

CVE-2024-21303 has been classified to as a Dangling pointer vulnerability or weakness.

Products Associated with CVE-2024-21303

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-21303 are published in these products:

Microsoft Sql Server 2017

Microsoft Sql Server 2019

Microsoft Sql Server 2016

Microsoft Sql Server 2022

Microsoft SQL Server

Affected Versions

Microsoft SQL Server 2022 for (CU 13):

Version 16.0.0 and below 16.0.4131.2 is affected.

Microsoft SQL Server 2019 for x64-based Systems (CU 27):

Version 15.0.0 and below 15.0.4382.1 is affected.

Microsoft SQL Server 2017 (GDR):

Version 14.0.0 and below 14.0.2056.2 is affected.

Microsoft SQL Server 2019 (GDR):

Version 15.0.0 and below 15.0.2116.2 is affected.

Microsoft SQL Server 2016 Service Pack 3 (GDR):

Version 13.0.0 and below 13.0.6441.1 is affected.

Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack:

Version 13.0.0 and below 13.0.7037.1 is affected.

Microsoft SQL Server 2017 (CU 31):

Version 14.0.0 and below 14.0.3471.2 is affected.

Microsoft SQL Server 2022 (GDR):

Version 16.0.0 and below 16.0.1121.4 is affected.

Exploit Probability

EPSS

3.01%

Percentile

86.33%