CVE-2023-23375: 
NixOS vulnerability analysis and mitigation

Microsoft ODBC and OLE DB Remote Code Execution Vulnerability (CVE-2023-23375) was disclosed in April 2023. This vulnerability affects Microsoft ODBC and OLE DB components for SQL Server across multiple versions, including versions 17.0 through 17.10.3.1, 18.0 through 18.6.5 for ODBC, and versions 18.0 through 18.2.1.1, 19.1.0 through 19.3.0 for OLE DB (NVD).

The vulnerability has been assigned a CVSSv3 base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability requires local access and user interaction, but no privileges are needed for exploitation. When successfully exploited, it can lead to complete compromise of confidentiality, integrity, and availability of the target system (Rapid7).

If successfully exploited, this vulnerability allows an attacker to execute remote code on the affected system, potentially gaining complete control over the target system. The high CVSS score of 7.8 indicates significant potential impact on system security, affecting confidentiality, integrity, and availability (NVD).

Microsoft has released security updates to address this vulnerability. Users are advised to update to the latest versions of affected ODBC and OLE DB drivers. For SQL Server 2017 environments where ODBC Driver 13 cannot be removed due to SQL Server Agent dependencies, Microsoft has provided specific guidance through security updates (Microsoft Q&A).