CVE-2024-29047Heap-based Buffer Overflow in Microsoft SQL Server 2019

CWE-122Heap-based Buffer Overflow4 documents4 sources
Severity
8.8HIGHNVD
EPSS
2.2%
top 15.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Microsoft SQL Server 2019Microsoft SQL Server 2022 FORMicrosoft SQL Server 2019+1 more
Timeline
PublishedApr 9

Description

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5microsoft/microsoft_sql_server_201915.0.015.0.4360.2
CVEListV5microsoft/microsoft_sql_server_2022_for16.0.016.0.4120.1
NVDmicrosoft/sql15.0.4003.2315.0.4360.2+1

🔴Vulnerability Details

2
CVEList
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability2024-04-09
GHSA
GHSA-g459-f54g-xh4f: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability2024-04-09

📋Vendor Advisories

1
Microsoft
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability2024-04-09
CVE-2024-29047 — Heap-based Buffer Overflow | cvebase