8.8

CVE-2024-28929

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Data is provided by the National Vulnerability Database (NVD)
MicrosoftSql Server 2019 HwPlatformx64 Version >= 15.0.2000.5 < 15.0.2110.4
MicrosoftSql Server 2019 HwPlatformx64 Version >= 15.0.4003.23 < 15.0.4360.2
MicrosoftSql Server 2022 HwPlatformx64 Version >= 16.0.1000.6 < 16.0.1115.1
MicrosoftSql Server 2022 HwPlatformx64 Version >= 16.0.4003.1 < 16.0.4120.1
MicrosoftOdbc Driver For Sql Server SwPlatformlinux Version >= 17 < 17.10.6.1
MicrosoftOdbc Driver For Sql Server SwPlatformmacos Version >= 17 < 17.10.6.1
MicrosoftOdbc Driver For Sql Server SwPlatformwindows Version >= 17.0.1.1 < 17.10.6.1
MicrosoftOdbc Driver For Sql Server SwPlatformlinux Version >= 18.0 < 18.3.3.1
MicrosoftOdbc Driver For Sql Server SwPlatformmacos Version >= 18.0 < 18.3.3.1
MicrosoftOdbc Driver For Sql Server SwPlatformwindows Version >= 18.0.1.1 < 18.3.3.1
MicrosoftVisual Studio 2019 Version >= 16.0 < 16.11.35
MicrosoftVisual Studio 2022 Version >= 17.4.0 < 17.4.18
MicrosoftVisual Studio 2022 Version >= 17.6.0 < 17.6.14
MicrosoftVisual Studio 2022 Version >= 17.8.0 < 17.8.9
MicrosoftVisual Studio 2022 Version >= 17.9.0 < 17.9.6
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 2.36% 0.844
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
secure@microsoft.com 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.