CVE-2018-8273Out-of-bounds Write in Microsoft SQL Server

CWE-787Out-of-bounds Write4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
22.7%
top 4.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft SQL ServerMicrosoft SQL Server
Timeline
PublishedAug 15
Latest updateMay 13

Description

A buffer overflow vulnerability exists in the Microsoft SQL Server that could allow remote code execution on an affected system, aka "Microsoft SQL Server Remote Code Execution Vulnerability." This affects Microsoft SQL Server.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDmicrosoft/sql_server2016, 2017+1
CVEListV5microsoft/microsoft_sql_server6 versions+5

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-xq9g-9hx4-3c38: A buffer overflow vulnerability exists in the Microsoft SQL Server that could allow remote code execution on an affected system, aka "Microsoft SQL Se2022-05-13
CVEList
CVE-2018-8273: A buffer overflow vulnerability exists in the Microsoft SQL Server that could allow remote code execution on an affected system, aka "Microsoft SQL Se2018-08-15

📋Vendor Advisories

1
Microsoft
Microsoft SQL Server Remote Code Execution Vulnerability2018-08-14
CVE-2018-8273 — Out-of-bounds Write in Microsoft | cvebase