Remote Code Execution in Microsoft SQL Server Native Scoring
CVE-2024-37340 Published on September 10, 2024
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
Weakness Type
Untrusted Pointer Dereference
The program obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.
Products Associated with CVE-2024-37340
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-37340 are published in these products:
Affected Versions
Microsoft SQL Server 2017 (GDR):- Version 14.0.0 and below 14.0.2060.1 is affected.
- Version 15.0.0 and below 15.0.2120.1 is affected.
- Version 14.0.0 and below 14.0.3475.1 is affected.
- Version 16.0.0 and below 16.0.1125.1 is affected.
- Version 16.0.0 and below 16.0.4140.3 is affected.
- Version 15.0.0 and below 15.0.4390.2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.