Main Vulnerability Database Vulnerabilities #VU81827

#VU81827 Input validation error in Microsoft products - CVE-2023-36728

Published: October 10, 2023

Vulnerability identifier: #VU81827

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-36728

CWE-ID: CWE-20

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Microsoft SQL Server
OLE DB Driver
Microsoft ODBC Driver for SQL Server on Linux
Microsoft ODBC Driver for SQL Server on macOS
Microsoft ODBC Driver for SQL Server on Windows

Software vendor:
Microsoft

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in Microsoft SQL Server. A local user can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Remediation

Install updates from vendor's website.

External links

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36728

#VU81827 Input validation error in Microsoft products - CVE-2023-36728

Description

Remediation

External links

Please verify you're human