Microsoft SQL Server RCE via Native Scoring
CVE-2024-37339 Published on September 10, 2024

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

Vendor Advisory NVD

Weakness Type

Untrusted Pointer Dereference

The program obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.

Products Associated with CVE-2024-37339

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-37339 are published in these products:

Microsoft Sql 2016 Azure Connect Feature Pack

Microsoft Sql Server 2016

Microsoft Sql Server 2017

Microsoft Sql Server 2019

Microsoft Sql Server 2022

Affected Versions

Microsoft SQL Server 2017 (GDR):

Version 14.0.0 and below 14.0.2060.1 is affected.

Microsoft SQL Server 2019 (GDR):

Version 15.0.0 and below 15.0.2120.1 is affected.

Microsoft SQL Server 2017 (CU 31):

Version 14.0.0 and below 14.0.3475.1 is affected.

Microsoft SQL Server 2022 (GDR):

Version 16.0.0 and below 16.0.1125.1 is affected.

Microsoft SQL Server 2022 for (CU 14):

Version 16.0.0 and below 16.0.4140.3 is affected.

Microsoft SQL Server 2019 (CU 28):

Version 15.0.0 and below 15.0.4390.2 is affected.

Exploit Probability

EPSS

4.09%

Percentile

88.31%