CVE-2023-21528

Published: Feb 14, 2023Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: secure@microsoft.com (Secondary)

Description

Microsoft SQL Server Remote Code Execution Vulnerability

Affected (7)

Products: Microsoft: Sql Server

1 product

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Microsoft Sql Server	Version 2008 sp4
Microsoft Sql Server	Version 2012 sp4
Microsoft Sql Server	Version 2014 sp3
Microsoft Sql Server	Version 2016 sp3
Microsoft Sql Server	Version 2017
Microsoft Sql Server	Version 2019
Microsoft Sql Server	Version 2022

Related CWEs

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

References (2)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21528

Source: secure@microsoft.com

PatchVendor Advisory

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21528

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.