CVE-2023-36728: Microsoft SQL Server Denial of Service Vulnerability
First published: Tue Oct 10 2023(Updated: )
Microsoft SQL Server Denial of Service Vulnerability
Credit: secure@microsoft.com secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft ODBC Driver 18 for SQL Server on Windows | >=17.0<17.10.5.1 | |
| Microsoft ODBC Driver 18 for SQL Server on MacOS | >=17.0<17.10.5.1 | |
| Microsoft SQL Server 2022 (CU 5) | >=17.0<17.10.5.1 | |
| Microsoft ODBC Driver 18 for SQL Server on Windows | >=18.0<18.3.2.1 | |
| Microsoft ODBC Driver 18 for SQL Server on MacOS | >=18.0<18.3.2.1 | |
| Microsoft SQL Server 2022 (CU 5) | >=18.0<18.3.2.1 | |
| Microsoft OLE DB Driver 19 for SQL Server | >=18.0<19.3.0002.0 | |
| Microsoft SQL Server | =2014-sp3 | |
| Microsoft SQL Server | =2016-sp3 | |
| Microsoft SQL Server | =2017 | |
| Microsoft SQL Server | =2019 | |
| Microsoft SQL Server | =2022 | |
| Microsoft SQL Server 2014 (CU 4) | ||
| Microsoft ODBC Driver 17 for SQL Server on MacOS | ||
| Microsoft SQL Server 2019 | ||
| Microsoft ODBC Driver 18 for SQL Server on MacOS | ||
| Microsoft SQL Server 2017 | ||
| Microsoft SQL Server 2014 | ||
| Microsoft ODBC Driver 18 for SQL Server on Linux | ||
| Microsoft SQL Server 2016 | ||
| Microsoft OLE DB Driver 18 for SQL Server | ||
| Microsoft SQL Server 2016 Azure Connect Feature Pack | ||
| Microsoft OLE DB Driver 19 for SQL Server | ||
| Microsoft SQL Server 2022 (CU 8) | ||
| Microsoft ODBC Driver 17 for SQL Server on Linux | ||
| Microsoft SQL Server 2019 (CU 22) | ||
| Microsoft ODBC Driver 17 for SQL Server on Windows | ||
| Microsoft SQL Server 2014 | ||
| Microsoft SQL Server 2014 (CU 4) | ||
| Microsoft ODBC Driver 18 for SQL Server on Windows | ||
| Microsoft SQL Server 2017 (CU 31) | ||
| Microsoft SQL Server 2022 | ||
| Microsoft OLE DB Driver 19 for SQL Server | >=18.0<18.6.0007.0 | |
| Microsoft OLE DB Driver 19 for SQL Server | >=19.0<19.3.0002.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-36728?
CVE-2023-36728 is a Denial of Service vulnerability in Microsoft SQL Server.
How severe is CVE-2023-36728?
CVE-2023-36728 has a severity level of 5.5 (high).
Which versions of Microsoft SQL Server are affected?
Microsoft SQL Server 2017 (CU 31), SQL Server 2022 (CU 8), SQL Server 2017, SQL Server 2014, SQL Server 2019, SQL Server 2016, and SQL Server 2014 (CU 4) are affected.
How do I fix CVE-2023-36728 in Microsoft SQL Server 2017 (CU 31)?
To fix CVE-2023-36728 in Microsoft SQL Server 2017 (CU 31), apply the patch available at https://www.microsoft.com/download/details.aspx?familyid=aa8cdbcf-6dec-4876-864c-55193525d190.
How do I fix CVE-2023-36728 in SQL Server 2022 (CU 8)?
To fix CVE-2023-36728 in SQL Server 2022 (CU 8), apply the patch available at https://www.microsoft.com/download/details.aspx?familyid=133ae486-39ae-43a4-a2b8-248af9727190.
- collector/nvd-index
- collector/mitre-cve
- agent/author
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/msrc
- source/Microsoft
- collector/msrc-cve
- agent/software-canonical-lookup
- agent/remedy
- agent/title
- agent/severity
- agent/references
- agent/softwarecombine
- agent/description
- agent/tags
- agent/event
- collector/nvd-api
- source/NVD
- vendor/microsoft
- canonical/microsoft odbc driver 18 for sql server on windows
- version/microsoft odbc driver 18 for sql server on windows/17.0
- canonical/microsoft odbc driver 18 for sql server on macos
- version/microsoft odbc driver 18 for sql server on macos/17.0
- canonical/microsoft sql server 2022 (cu 5)
- version/microsoft sql server 2022 (cu 5)/17.0
- version/microsoft odbc driver 18 for sql server on windows/18.0
- version/microsoft odbc driver 18 for sql server on macos/18.0
- version/microsoft sql server 2022 (cu 5)/18.0
- canonical/microsoft ole db driver 19 for sql server
- version/microsoft ole db driver 19 for sql server/18.0
- canonical/microsoft sql server
- version/microsoft sql server/2014-sp3
- version/microsoft sql server/2016-sp3
- version/microsoft sql server/2017
- version/microsoft sql server/2019
- version/microsoft sql server/2022
- canonical/microsoft sql server 2014 (cu 4)
- canonical/microsoft odbc driver 17 for sql server on macos
- canonical/microsoft sql server 2019
- canonical/microsoft sql server 2017
- canonical/microsoft sql server 2014
- canonical/microsoft odbc driver 18 for sql server on linux
- canonical/microsoft sql server 2016
- canonical/microsoft ole db driver 18 for sql server
- canonical/microsoft sql server 2016 azure connect feature pack
- canonical/microsoft sql server 2022 (cu 8)
- canonical/microsoft odbc driver 17 for sql server on linux
- canonical/microsoft sql server 2019 (cu 22)
- canonical/microsoft odbc driver 17 for sql server on windows
- canonical/microsoft sql server 2017 (cu 31)
- canonical/microsoft sql server 2022
- version/microsoft ole db driver 19 for sql server/19.0