
Cloud Vulnerability DB
A community-led vulnerabilities database
Microsoft ODBC and OLE DB Remote Code Execution Vulnerability (CVE-2023-29349) was disclosed on June 15, 2023. This vulnerability affects multiple versions of Microsoft ODBC Driver for SQL Server across Linux, macOS, and Windows platforms, specifically versions from 17.0.1.1 up to 17.10.4.1 (NVD).
The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. Microsoft has identified this as being related to Integer Underflow (Wrap or Wraparound) vulnerability (CWE-191) (NVD).
The vulnerability could allow remote code execution if successfully exploited. The attack requires a malicious server to send malicious data to compromise a client, potentially leading to complete system compromise with high impacts on confidentiality, integrity, and availability (Tech Community).
Microsoft has released hotfix packages to address this vulnerability. The fixes are included in SQL Server 2019 CU21 and SQL Server 2022 CU5. For standalone applications, updates are available for Microsoft ODBC Driver 17.10.4, 18.2.2, and Microsoft OLE DB Driver 18.6.6, 19.3.1 for SQL Server. Linux and macOS packages can be updated via package managers (Tech Community).
Source: This report was generated using AI
Free Vulnerability Assessment
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Get a personalized demo
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
"We know that if Wiz identifies something as critical, it actually is."