CVE-2023-29349
vulnerability analysis and mitigation

Overview

Microsoft ODBC and OLE DB Remote Code Execution Vulnerability (CVE-2023-29349) was disclosed on June 15, 2023. This vulnerability affects multiple versions of Microsoft ODBC Driver for SQL Server across Linux, macOS, and Windows platforms, specifically versions from 17.0.1.1 up to 17.10.4.1 (NVD).

Technical details

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. Microsoft has identified this as being related to Integer Underflow (Wrap or Wraparound) vulnerability (CWE-191) (NVD).

Impact

The vulnerability could allow remote code execution if successfully exploited. The attack requires a malicious server to send malicious data to compromise a client, potentially leading to complete system compromise with high impacts on confidentiality, integrity, and availability (Tech Community).

Mitigation and workarounds

Microsoft has released hotfix packages to address this vulnerability. The fixes are included in SQL Server 2019 CU21 and SQL Server 2022 CU5. For standalone applications, updates are available for Microsoft ODBC Driver 17.10.4, 18.2.2, and Microsoft OLE DB Driver 18.6.6, 19.3.1 for SQL Server. Linux and macOS packages can be updated via package managers (Tech Community).

Additional resources


SourceThis report was generated using AI

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management