CVE-2023-21704

Summary

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Affected Software

VendorProductVersion RangeStatus
MicrosoftMicrosoft SQL Server 2017 (GDR)14.0.0 < 14.0.2047.8affected
MicrosoftMicrosoft SQL Server 2014 Service Pack 3 (GDR)12.0.0 < 12.0.6444.4affected
MicrosoftMicrosoft SQL Server 2014 Service Pack 3 (CU 4)12.0.0 < 12.0.6174.8affected
MicrosoftMicrosoft SQL Server 2019 (GDR)15.0.0 < 15.0.2101.7affected
MicrosoftMicrosoft SQL Server 2016 Service Pack 3 (GDR)13.0.0 < 13.0.6430.49affected
MicrosoftMicrosoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack13.0.0 < 13.0.7024.30affected
MicrosoftMicrosoft SQL Server 2019 (CU 18)15.0.0 < 15.0.4280.7affected
MicrosoftMicrosoft SQL Server 2017 (CU 31)14.0.0 < 14.0.3460.9affected
MicrosoftMicrosoft SQL Server 2022 (GDR)16.0.0 < 16.0.1050.5affected

Weaknesses

  • CWE-190: CWE-190: Integer Overflow or Wraparound

ADP Enrichment

CVE Program Container

Additional References

References