SQL Server Native Client RCE via Remote Code Execution
CVE-2024-49000 Published on November 12, 2024

SQL Server Native Client Remote Code Execution Vulnerability

Vendor Advisory NVD

Weakness Type

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Products Associated with CVE-2024-49000

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-49000 are published in these products:

Microsoft Sql Server 2016

Microsoft Sql Server 2017

Microsoft Sql Server 2019

Affected Versions

Microsoft SQL Server 2017 (GDR):

Version 14.0.0 and below 14.0.2070.1 is affected.

Microsoft SQL Server 2019 (GDR):

Version 15.0.0 and below 15.0.2130.3 is affected.

Microsoft SQL Server 2016 Service Pack 3 (GDR):

Version 13.0.0 and below 13.0.6460.7 is affected.

Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack:

Version 13.0.0 and below 13.0.7055.9 is affected.

Microsoft SQL Server 2017 (CU 31):

Version 14.0.0 and below 14.0.3485.1 is affected.

Microsoft SQL Server 2019 (CU 29):

Version 15.0.0 and below 15.0.4410.1 is affected.

Exploit Probability

EPSS

6.04%

Percentile

90.32%