CVE-2001-0542: Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft SQL Server

3 documents, 3 sources
Severity: 7.5 HIGH (NVD)
EPSS: 10.4% (top 6.78%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 20; latest update Apr 30

Description

Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (1 package)

NVD: microsoft/sql_server 2000, 7.0 (+1)

Vulnerability Details (2)

GHSA: GHSA-w7gq-qfwh-xj2g: Buffer overflows in Microsoft SQL Server 7 (2022-04-30)
CVEList: CVE-2001-0542: Buffer overflows in Microsoft SQL Server 7 (2002-02-18)