Remote Code Execution in Microsoft SQL Server Native Scoring
CVE-2024-37340 Published on September 10, 2024

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

Vendor Advisory NVD

Weakness Type

Untrusted Pointer Dereference

The program obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.

Products Associated with CVE-2024-37340

Want to know whenever a new CVE is published for Microsoft products? stack.watch will email you.

Microsoft Sql 2016 Azure Connect Feature Pack

Microsoft Sql Server 2016

Microsoft Sql Server 2017

Microsoft Sql Server 2019

Microsoft Sql Server 2022

Affected Versions

Microsoft SQL Server 2017 (GDR):

Version 14.0.0 and below 14.0.2060.1 is affected.

Microsoft SQL Server 2019 (GDR):

Version 15.0.0 and below 15.0.2120.1 is affected.

Microsoft SQL Server 2017 (CU 31):

Version 14.0.0 and below 14.0.3475.1 is affected.

Microsoft SQL Server 2022 (GDR):

Version 16.0.0 and below 16.0.1125.1 is affected.

Microsoft SQL Server 2022 for (CU 14):

Version 16.0.0 and below 16.0.4140.3 is affected.

Microsoft SQL Server 2019 (CU 28):

Version 15.0.0 and below 15.0.4390.2 is affected.

Exploit Probability

EPSS

4.09%

Percentile

88.44%