CVE-2023-36728

CWE-125 — Out-of-bounds Read4 documents4 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 76.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

21

Microsoft Microsoft Odbc Driver 17 FOR SQL Server ON Linux Microsoft Microsoft Odbc Driver 17 FOR SQL Server ON Macos Microsoft Microsoft Odbc Driver 17 FOR SQL Server ON Windows +18 more

Timeline

PublishedOct 10

Description

Microsoft SQL Server Denial of Service Vulnerability

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages21 packages

▶CVEListV5microsoft/microsoft_sql_server_2014_service_pack_3_(gdr)12.0.0 — 12.0.6179.1

▶CVEListV5microsoft/microsoft_sql_server_2016_service_pack_3_(gdr)13.0.0 — 13.0.6435.1

▶CVEListV5microsoft/microsoft_sql_server_2014_service_pack_3_(cu_4)12.0.0 — 12.0.6449.1

▶CVEListV5microsoft/microsoft_sql_server_2016_service_pack_3_azure_connect_feature_pack13.0.0 — 13.0.7029.3

▶CVEListV5microsoft/microsoft_sql_server_2017_(gdr)14.0.0 — 14.0.2052.1

Patches

Patch: msrc.microsoft.com ↗Patch: msrc.microsoft.com ↗

🔴Vulnerability Details

2

GHSA

GHSA-qqpc-cw23-65wv: Microsoft SQL Server Denial of Service Vulnerability↗2023-10-10

▶

CVEList

Microsoft SQL Server Denial of Service Vulnerability↗2023-10-10

▶

📋Vendor Advisories

1

Microsoft

Microsoft SQL Server Denial of Service Vulnerability↗2023-10-10

▶

CVE-2023-36728 (MEDIUM CVSS 5.5) | Microsoft SQL Server Denial of Serv | cvebase.io