Microsoft SQL Server Remote Code Execution Vulnerability
CVE-2024-49021 Published on November 12, 2024

Microsoft SQL Server Remote Code Execution Vulnerability

Vendor Advisory NVD

Weakness Type

What is a Dangling pointer Vulnerability?

Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

CVE-2024-49021 has been classified to as a Dangling pointer vulnerability or weakness.

Products Associated with CVE-2024-49021

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-49021 are published in these products:

Microsoft SQL Server

Microsoft Sql Server 2016

Microsoft Sql Server 2017

Microsoft Sql Server 2019

Microsoft Sql Server 2022

Affected Versions

Microsoft SQL Server 2017 (GDR):

Version 14.0.0 and below 14.0.2070.1 is affected.

Microsoft SQL Server 2019 (GDR):

Version 15.0.0 and below 15.0.2130.3 is affected.

Microsoft SQL Server 2016 Service Pack 3 (GDR):

Version 13.0.0 and below 13.0.6455.2 is affected.

Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack:

Version 13.0.0 and below 13.0.7050.2 is affected.

Microsoft SQL Server 2017 (CU 31):

Version 14.0.0 and below 14.0.3485.1 is affected.

Microsoft SQL Server 2022 (GDR):

Version 16.0.0 and below 16.0.1135.2 is affected.

Microsoft SQL Server 2019 (CU 29):

Version 15.0.0 and below 15.0.4410.1 is affected.

Microsoft SQL Server 2022 for (CU 15):

Version 16.0.0 and below 16.0.4155.4 is affected.

Exploit Probability

EPSS

0.89%

Percentile

75.11%