CVE-2024-21303: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

high8.8CVSS 3.1

AVNACLPRNUIRSUCHIHAH

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Affected

23 ranges

Vendor	Product	Version range	Fixed in
microsoft	microsoft_sql_server_2016_service_pack_3	>= 13.0.0 < 13.0.6441.1	13.0.6441.1
microsoft	microsoft_sql_server_2016_service_pack_3_azure_connect_feature_pack	>= 13.0.0 < 13.0.7037.1	13.0.7037.1
microsoft	microsoft_sql_server_2017	>= 14.0.0 < 14.0.2056.2	14.0.2056.2
microsoft	microsoft_sql_server_2017	>= 14.0.0 < 14.0.3471.2	14.0.3471.2
microsoft	microsoft_sql_server_2019	>= 15.0.0 < 15.0.2116.2	15.0.2116.2
microsoft	microsoft_sql_server_2019_for_x64-based_systems	>= 15.0.0 < 15.0.4382.1	15.0.4382.1
microsoft	microsoft_sql_server_2022	>= 16.0.0 < 16.0.1121.4	16.0.1121.4
microsoft	microsoft_sql_server_2022_for	>= 16.0.0 < 16.0.4131.2	16.0.4131.2
microsoft	sql_server_2016	—	—
microsoft	sql_server_2016	—	—
microsoft	sql_server_2016	13.0.0.0 – 13.0.6441.1	—
microsoft	sql_server_2016	13.0.6441.2 – 13.0.7037.1	—
microsoft	sql_server_2017	>= 14.0.0.0 < 14.0.2056.2	14.0.2056.2
microsoft	sql_server_2017	>= 14.0.2056.3 < 14.0.3471.2	14.0.3471.2
microsoft	sql_server_2019	>= 15.0.0.0 < 15.0.2116.2	15.0.2116.2
microsoft	sql_server_2019	>= 15.0.2116.3 < 15.0.4382.1	15.0.4382.1
microsoft	sql_server_2022	>= 16.0.0.0 < 16.0.1121.4	16.0.1121.4
microsoft	sql_server_2022	>= 16.0.1121.5 < 16.0.4131.2	16.0.4131.2
msrc	microsoft_sql_server_2016_for_x64-based_systems_service_pack_3	—	—
msrc	microsoft_sql_server_2016_for_x64-based_systems_service_pack_3_azure_connect_fea	—	—
msrc	microsoft_sql_server_2017_for_x64-based_systems	—	—
msrc	microsoft_sql_server_2019_for_x64-based_systems	—	—
msrc	microsoft_sql_server_2022_for_x64-based_systems	—	—