Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-37324 Published on July 9, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Weakness Type
Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Products Associated with CVE-2024-37324
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-37324 are published in these products:
Affected Versions
Microsoft SQL Server 2022 for (CU 13):- Version 16.0.0 and below 16.0.4131.2 is affected.
- Version 15.0.0 and below 15.0.4382.1 is affected.
- Version 14.0.0 and below 14.0.2056.2 is affected.
- Version 15.0.0 and below 15.0.2116.2 is affected.
- Version 13.0.0 and below 13.0.6441.1 is affected.
- Version 13.0.0 and below 13.0.7037.1 is affected.
- Version 14.0.0 and below 14.0.3471.2 is affected.
- Version 16.0.0 and below 16.0.1121.4 is affected.
Exploit Probability
EPSS
4.03%
Percentile
88.22%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.