PT-2024-8558 · Microsoft · Sql Server 2017+5
Published
2024-11-12
·
Updated
2025-07-10
·
CVE-2024-49000
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Microsoft SQL Server Native Client versions prior to the fixed version
Microsoft SQL Server 2016 through 2019
Description
The issue is related to a buffer overflow in the dynamic memory of the Microsoft SQL Server Native Client component. This can allow a remote attacker to execute arbitrary code. There is an urgent need for patching to mitigate the risk of remote exploitation.
Recommendations
For Microsoft SQL Server Native Client versions prior to the fixed version, apply the necessary patch to fix the buffer overflow issue.
For Microsoft SQL Server 2016 through 2019, verify and deploy the patch across all impacted SQL Server instances to prevent remote exploitation.
As a temporary workaround, consider restricting access to the Native Client component until a patch is available.
Fix
RCE
Heap Based Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sql Server 2016
Sql Server 2017
Sql Server 2018
Sql Server 2019
Sql Server Native Client
Sql Server