RCE in Microsoft SQL Server Native Client
CVE-2024-49016 Published on November 12, 2024

SQL Server Native Client Remote Code Execution Vulnerability
SQL Server Native Client Remote Code Execution Vulnerability

Vendor Advisory NVD

Weakness Type

What is a Dangling pointer Vulnerability?

Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

CVE-2024-49016 has been classified to as a Dangling pointer vulnerability or weakness.

Products Associated with CVE-2024-49016

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-49016 are published in these products:

Microsoft Sql Server 2016

Microsoft Sql Server 2017

Microsoft Sql Server 2019

Affected Versions

Microsoft SQL Server 2017 (GDR):

Version 14.0.0 and below 14.0.2070.1 is affected.

Microsoft SQL Server 2019 (GDR):

Version 15.0.0 and below 15.0.2130.3 is affected.

Microsoft SQL Server 2016 Service Pack 3 (GDR):

Version 13.0.0 and below 13.0.6455.2 is affected.

Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack:

Version 13.0.0 and below 13.0.7050.2 is affected.

Microsoft SQL Server 2017 (CU 31):

Version 14.0.0 and below 14.0.3485.1 is affected.

Microsoft SQL Server 2019 (CU 29):

Version 15.0.0 and below 15.0.4410.1 is affected.

Exploit Probability

EPSS

3.99%

Percentile

88.19%