CVE-2002-0650Improper Handling of Undefined Parameters in Microsoft SQL Server

CWE-236Improper Handling of Undefined Parameters4 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
25.2%
top 3.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft SQL Server
Timeline
PublishedAug 12
Latest updateApr 30

Description

The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a "ping" style packet to the Resolution Service (UDP port 1434) with a spoofed IP address of another SQL Server system, which causes the two servers to exchange packets in an infinite loop.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-gcrv-9fp9-jhxr: The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a "ping" style2022-04-30
CVEList
CVE-2002-0650: The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a "ping" style2003-04-02

📐Framework References

1
CWE
Improper Handling of Undefined Parameters
CVE-2002-0650 — Microsoft SQL Server vulnerability | cvebase