CVE-2014-4061Microsoft SQL Server vulnerability

CWE-3993 documents3 sources
Severity
6.8MEDIUMNVD
EPSS
38.4%
top 2.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft SQL Server
Timeline
PublishedAug 12
Latest updateMay 14

Description

Microsoft SQL Server 2008 SP3, 2008 R2 SP2, and 2012 SP1 does not properly control use of stack memory for processing of T-SQL batch commands, which allows remote authenticated users to cause a denial of service (daemon hang) via a crafted T-SQL statement, aka "Microsoft SQL Server Stack Overrun Vulnerability."

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 8.0 | Impact: 6.9

Affected Packages1 packages

NVDmicrosoft/sql_server2008, 2012+1

🔴Vulnerability Details

2
GHSA
GHSA-ccr3-73xp-v8c7: Microsoft SQL Server 2008 SP3, 2008 R2 SP2, and 2012 SP1 does not properly control use of stack memory for processing of T-SQL batch commands, which a2022-05-14
CVEList
CVE-2014-4061: Microsoft SQL Server 2008 SP3, 2008 R2 SP2, and 2012 SP1 does not properly control use of stack memory for processing of T-SQL batch commands, which a2014-08-12
CVE-2014-4061 — Microsoft SQL Server vulnerability | cvebase