What is CVE-2023-36728?

CVE-2023-36728 is a Denial of Service vulnerability in Microsoft SQL Server.

How severe is CVE-2023-36728?

CVE-2023-36728 has a severity level of 5.5 (high).

Which versions of Microsoft SQL Server are affected?

Microsoft SQL Server 2017 (CU 31), SQL Server 2022 (CU 8), SQL Server 2017, SQL Server 2014, SQL Server 2019, SQL Server 2016, and SQL Server 2014 (CU 4) are affected.

How do I fix CVE-2023-36728 in Microsoft SQL Server 2017 (CU 31)?

To fix CVE-2023-36728 in Microsoft SQL Server 2017 (CU 31), apply the patch available at https://www.microsoft.com/download/details.aspx?familyid=aa8cdbcf-6dec-4876-864c-55193525d190.

How do I fix CVE-2023-36728 in SQL Server 2022 (CU 8)?

To fix CVE-2023-36728 in SQL Server 2022 (CU 8), apply the patch available at https://www.microsoft.com/download/details.aspx?familyid=133ae486-39ae-43a4-a2b8-248af9727190.

Vulnerability/
CVE-2023-36728

medium

5.5

CWE

125

10/10/2023

2/8/2024

CVE-2023-36728: Microsoft SQL Server Denial of Service Vulnerability

First published: Tue Oct 10 2023(Updated: )

Microsoft SQL Server Denial of Service Vulnerability

Credit: secure@microsoft.com secure@microsoft.com

Affected Software	Affected Version	How to fix
Microsoft ODBC Driver 17 for SQL Server on MacOS		fix available externally
Microsoft ODBC Driver 18 for SQL Server on MacOS		fix available externally
Microsoft ODBC Driver 18 for SQL Server on Linux		fix available externally
Microsoft OLE DB Driver 18 for SQL Server		fix available externally
Microsoft OLE DB Driver 19 for SQL Server		fix available externally
Microsoft ODBC Driver 17 for SQL Server on Linux		fix available externally
Microsoft ODBC Driver 17 for SQL Server on Windows		fix available externally
Microsoft ODBC Driver 18 for SQL Server on Windows		fix available externally
Microsoft SQL Server 2014		fix available externally
Microsoft SQL Server 2017		fix available externally
Microsoft SQL Server 2014 (CU 4)		fix available externally
Microsoft SQL Server 2014		fix available externally
Microsoft SQL Server 2016		fix available externally
Microsoft SQL Server 2014 (CU 4)		fix available externally
Microsoft SQL Server 2022		fix available externally
Microsoft SQL Server 2022 (CU 8)		fix available externally
Microsoft SQL Server 2019		fix available externally
Microsoft SQL Server 2017 (CU 31)		fix available externally
Microsoft SQL Server 2016 Azure Connect Feature Pack		fix available externally
Microsoft SQL Server 2019 (CU 22)		fix available externally
Microsoft Odbc Driver For Sql Server	>=17.0<17.10.5.1
Microsoft Odbc Driver For Sql Server	>=17.0<17.10.5.1
Microsoft Odbc Driver For Sql Server	>=17.0<17.10.5.1
Microsoft Odbc Driver For Sql Server	>=18.0<18.3.2.1
Microsoft Odbc Driver For Sql Server	>=18.0<18.3.2.1
Microsoft Odbc Driver For Sql Server	>=18.0<18.3.2.1
Microsoft OLE DB Driver for SQL Server	>=18.0<19.3.0002.0
Microsoft SQL Server	=2014-sp3
Microsoft SQL Server	=2016-sp3
Microsoft SQL Server	=2017
Microsoft SQL Server	=2019
Microsoft SQL Server	=2022
Microsoft OLE DB Driver for SQL Server	>=18.0<18.6.0007.0
Microsoft OLE DB Driver for SQL Server	>=19.0<19.3.0002.0

Remedy

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36728

Never miss a vulnerability like this again

Reference Links

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36728 (Advisory)

Frequently Asked Questions

What is CVE-2023-36728?
CVE-2023-36728 is a Denial of Service vulnerability in Microsoft SQL Server.
How severe is CVE-2023-36728?
CVE-2023-36728 has a severity level of 5.5 (high).
Which versions of Microsoft SQL Server are affected?
Microsoft SQL Server 2017 (CU 31), SQL Server 2022 (CU 8), SQL Server 2017, SQL Server 2014, SQL Server 2019, SQL Server 2016, and SQL Server 2014 (CU 4) are affected.
How do I fix CVE-2023-36728 in Microsoft SQL Server 2017 (CU 31)?
To fix CVE-2023-36728 in Microsoft SQL Server 2017 (CU 31), apply the patch available at https://www.microsoft.com/download/details.aspx?familyid=aa8cdbcf-6dec-4876-864c-55193525d190.
How do I fix CVE-2023-36728 in SQL Server 2022 (CU 8)?
To fix CVE-2023-36728 in SQL Server 2022 (CU 8), apply the patch available at https://www.microsoft.com/download/details.aspx?familyid=133ae486-39ae-43a4-a2b8-248af9727190.

agent/author
agent/type
agent/first-publish-date
collector/msrc
source/Microsoft
collector/msrc-cve
agent/software-canonical-lookup
agent/remedy
agent/title
agent/severity
agent/references
agent/description
agent/event
agent/weakness
agent/softwarecombine
agent/tags
collector/mitre-cve
source/MITRE
agent/last-modified-date
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-api
source/NVD
vendor/microsoft
canonical/microsoft odbc driver 17 for sql server on macos
canonical/microsoft odbc driver 18 for sql server on macos
canonical/microsoft odbc driver 18 for sql server on linux
canonical/microsoft ole db driver 18 for sql server
canonical/microsoft ole db driver 19 for sql server
canonical/microsoft odbc driver 17 for sql server on linux
canonical/microsoft odbc driver 17 for sql server on windows
canonical/microsoft odbc driver 18 for sql server on windows
canonical/microsoft sql server 2014
canonical/microsoft sql server 2017
canonical/microsoft sql server 2014 (cu 4)
canonical/microsoft sql server 2016
canonical/microsoft sql server 2022
canonical/microsoft sql server 2022 (cu 8)
canonical/microsoft sql server 2019
canonical/microsoft sql server 2017 (cu 31)
canonical/microsoft sql server 2016 azure connect feature pack
canonical/microsoft sql server 2019 (cu 22)
canonical/microsoft odbc driver for sql server
version/microsoft odbc driver for sql server/17.0
version/microsoft odbc driver for sql server/18.0
canonical/microsoft ole db driver for sql server
version/microsoft ole db driver for sql server/18.0
canonical/microsoft sql server
version/microsoft sql server/2014-sp3
version/microsoft sql server/2016-sp3
version/microsoft sql server/2017
version/microsoft sql server/2019
version/microsoft sql server/2022
version/microsoft ole db driver for sql server/19.0