Overview
- Description
- A buffer overflow vulnerability exists in the Microsoft SQL Server that could allow remote code execution on an affected system, aka "Microsoft SQL Server Remote Code Execution Vulnerability." This affects Microsoft SQL Server.
- Source
- secure@microsoft.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-787
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:sql_server:2016:sp1:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "97A4EB92-A4A6-4B22-BB08-8519F492C191"
},
{
"criteria": "cpe:2.3:o:microsoft:sql_server:2016:sp2:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "6E0BED4C-0F23-4725-9C80-51C52ABD98BC"
},
{
"criteria": "cpe:2.3:o:microsoft:sql_server:2017:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "71370E02-63ED-4EA7-A52F-DC79381EA918"
}
],
"operator": "OR"
}
]
}
]