What is CVE-2023-29349?

CVE-2023-29349 is a remote code execution vulnerability in Microsoft ODBC and OLE DB.

How does CVE-2023-29349 impact Microsoft ODBC and OLE DB?

CVE-2023-29349 allows remote attackers to execute arbitrary code on systems where vulnerable versions of Microsoft ODBC and OLE DB are installed.

Which software products are affected by CVE-2023-29349?

CVE-2023-29349 affects several software products, including ODBC Driver 18 and 17 for SQL Server on Windows, Linux, and macOS, OLE DB Driver 18 and 19 for SQL Server, and SQL Server 2022 (CU 5) and 2019 (CU 21).

What is the severity rating of CVE-2023-29349?

CVE-2023-29349 has a severity rating of 7.8, which is considered as high severity.

How can I fix CVE-2023-29349?

To fix CVE-2023-29349, update your Microsoft ODBC and OLE DB software to the latest version provided by Microsoft.

Vulnerability/
CVE-2023-29349

high

7.8

15/6/2023

9/1/2024

CVE-2023-29349: Microsoft ODBC and OLE DB Remote Code Execution Vulnerability

First published: Thu Jun 15 2023(Updated: )

Microsoft ODBC and OLE DB Remote Code Execution Vulnerability

Credit: secure@microsoft.com

Affected Software	Affected Version	How to fix
Microsoft Visual Studio 2022	=17.2	fix available externally
Microsoft Visual Studio 2022	=17.4	fix available externally
Microsoft OLE DB Driver 19 for SQL Server		fix available externally
Microsoft OLE DB Driver 18 for SQL Server		fix available externally
Microsoft SQL Server 2019 (CU 21)		fix available externally
Microsoft SQL Server 2022 (CU 5)		fix available externally
Microsoft Visual Studio 2019 (includes 16.0 - 16.10)	=16.11	fix available externally
Microsoft ODBC Driver 17 for SQL Server on Windows		fix available externally
Microsoft ODBC Driver 17 for SQL Server on Linux		fix available externally
Microsoft ODBC Driver 17 for SQL Server on MacOS		fix available externally
Microsoft ODBC Driver 18 for SQL Server on Windows		fix available externally
Microsoft ODBC Driver 18 for SQL Server on Linux		fix available externally
Microsoft ODBC Driver 18 for SQL Server on MacOS		fix available externally
Microsoft Visual Studio 2022	=17.8	fix available externally
Microsoft ODBC Driver 18 for SQL Server on Windows	>=17.0.1.1<17.10.4.1
Microsoft ODBC Driver 18 for SQL Server on MacOS	>=17.0.1.1<17.10.4.1
Microsoft SQL Server 2022 (CU 5)	>=17.0.1.1<17.10.4.1
Microsoft ODBC Driver 18 for SQL Server on Windows	>=18.0.1.1<18.2.1.1
Microsoft ODBC Driver 18 for SQL Server on MacOS	>=18.0.1.1<18.2.1.1
Microsoft SQL Server 2022 (CU 5)	>=18.0.1.1<18.2.1.1
Microsoft OLE DB Driver 19 for SQL Server	>=18.0.2<18.6.0006.0
Microsoft OLE DB Driver 19 for SQL Server	>=19.0.0<19.3.0001.0
Microsoft SQL Server	=2019
Microsoft SQL Server	=2022

Never miss a vulnerability like this again

Reference Links

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29349 (Advisory)

Frequently Asked Questions

What is CVE-2023-29349?
CVE-2023-29349 is a remote code execution vulnerability in Microsoft ODBC and OLE DB.
How does CVE-2023-29349 impact Microsoft ODBC and OLE DB?
CVE-2023-29349 allows remote attackers to execute arbitrary code on systems where vulnerable versions of Microsoft ODBC and OLE DB are installed.
Which software products are affected by CVE-2023-29349?
CVE-2023-29349 affects several software products, including ODBC Driver 18 and 17 for SQL Server on Windows, Linux, and macOS, OLE DB Driver 18 and 19 for SQL Server, and SQL Server 2022 (CU 5) and 2019 (CU 21).
What is the severity rating of CVE-2023-29349?
CVE-2023-29349 has a severity rating of 7.8, which is considered as high severity.
How can I fix CVE-2023-29349?
To fix CVE-2023-29349, update your Microsoft ODBC and OLE DB software to the latest version provided by Microsoft.

agent/author
agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/remedy
agent/severity
agent/softwarecombine
agent/tags
agent/title
agent/type
collector/mitre-cve
collector/msrc-cve
source/Microsoft
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/msrc
collector/nvd-index
vendor/microsoft
canonical/microsoft visual studio 2022
version/microsoft visual studio 2022/17.2
version/microsoft visual studio 2022/17.4
canonical/microsoft ole db driver 19 for sql server
canonical/microsoft ole db driver 18 for sql server
canonical/microsoft sql server 2019 (cu 21)
canonical/microsoft sql server 2022 (cu 5)
version/microsoft visual studio 2022/17.6
canonical/microsoft visual studio 2019 (includes 16.0 - 16.10)
version/microsoft visual studio 2019 (includes 16.0 - 16.10)/16.11
canonical/microsoft odbc driver 17 for sql server on windows
canonical/microsoft odbc driver 17 for sql server on linux
canonical/microsoft odbc driver 17 for sql server on macos
canonical/microsoft odbc driver 18 for sql server on windows
canonical/microsoft odbc driver 18 for sql server on linux
canonical/microsoft odbc driver 18 for sql server on macos
version/microsoft visual studio 2022/17.8
version/microsoft odbc driver 18 for sql server on windows/17.0.1.1
version/microsoft odbc driver 18 for sql server on macos/17.0.1.1
version/microsoft sql server 2022 (cu 5)/17.0.1.1
version/microsoft odbc driver 18 for sql server on windows/18.0.1.1
version/microsoft odbc driver 18 for sql server on macos/18.0.1.1
version/microsoft sql server 2022 (cu 5)/18.0.1.1
version/microsoft ole db driver 19 for sql server/18.0.2
version/microsoft ole db driver 19 for sql server/19.0.0
canonical/microsoft sql server
version/microsoft sql server/2019
version/microsoft sql server/2022