CVE-2023-29356: 
vulnerability analysis and mitigation

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability (CVE-2023-29356) was disclosed on June 15, 2023. This vulnerability affects multiple versions of Microsoft ODBC Driver for SQL Server across Windows, Linux, and macOS platforms, specifically versions from 17.0.1.1 up to (excluding) 17.10.4.1 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. Microsoft has classified this as a Use After Free (CWE-416) vulnerability (NVD).

The vulnerability could allow remote code execution when a malicious server sends malicious data to compromise a client. This affects the security of applications using the vulnerable ODBC driver versions (Microsoft Tech).

Microsoft has released hotfix packages to address this vulnerability. The fixes are available in Microsoft ODBC Driver 17.10.4 and 18.2.2 for SQL Server. These driver updates are also included in SQL Server 2019 CU21 and SQL Server 2022 CU5. Users are advised to update their drivers, especially in scenarios where connections to external servers are possible (Microsoft Tech).