Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-28928 Published on July 9, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Vendor Advisory NVD

Weakness Type

What is a Stack Overflow Vulnerability?

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CVE-2024-28928 has been classified to as a Stack Overflow vulnerability or weakness.

Products Associated with CVE-2024-28928

Want to know whenever a new CVE is published for Microsoft products? stack.watch will email you.

Microsoft Sql Server 2016

Microsoft Sql Server 2017

Microsoft Sql Server 2019

Microsoft Sql Server 2022

Microsoft SQL Server

Affected Versions

Microsoft SQL Server 2017 (GDR):

Version 14.0.0 and below 14.0.2056.2 is affected.

Microsoft SQL Server 2019 (GDR):

Version 15.0.0 and below 15.0.2116.2 is affected.

Microsoft SQL Server 2016 Service Pack 3 (GDR):

Version 13.0.0 and below 13.0.6441.1 is affected.

Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack:

Version 13.0.0 and below 13.0.7037.1 is affected.

Microsoft SQL Server 2017 (CU 31):

Version 14.0.0 and below 14.0.3471.2 is affected.

Microsoft SQL Server 2022 (GDR):

Version 16.0.0 and below 16.0.1121.4 is affected.

Microsoft SQL Server 2022 for (CU 13):

Version 16.0.0 and below 16.0.4131.2 is affected.

Microsoft SQL Server 2019 for x64-based Systems (CU 27):

Version 15.0.0 and below 15.0.4382.1 is affected.

Exploit Probability

EPSS

2.26%

Percentile

84.34%