CVE-2001-0879Use of Externally-Controlled Format String in Microsoft SQL Server

3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
14.6%
top 5.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft SQL Server
Timeline
PublishedDec 20
Latest updateApr 30

Description

Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDmicrosoft/sql_server2000, 7.0+1

Patches

Patch: www.atstake.comPatch: www.securityfocus.comPatch: www.atstake.com

🔴Vulnerability Details

2
GHSA
GHSA-fc3x-69ww-xrw6: Format string vulnerability in the C runtime functions in SQL Server 72022-04-30
CVEList
CVE-2001-0879: Format string vulnerability in the C runtime functions in SQL Server 72002-03-09
CVE-2001-0879 — Microsoft SQL Server vulnerability | cvebase