CVE-2024-0056

CVE-2024-0056

Name

CVE-2024-0056

Description

Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
secure@microsoft.com	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0056

Type

URI

secure@microsoft.com

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0056

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:microsoft:microsoft.data.sqlclient::::::::`	microsoft.data.sqlclient	>= 2.1	< 2.1.7
`cpe:2.3:a:microsoft:microsoft.data.sqlclient::::::::`	microsoft.data.sqlclient	>= 3.1	< 3.1.5
`cpe:2.3:a:microsoft:microsoft.data.sqlclient::::::::`	microsoft.data.sqlclient	>= 4.0	< 4.0.5
`cpe:2.3:a:microsoft:microsoft.data.sqlclient::::::::`	microsoft.data.sqlclient	>= 5.1	< 5.1.3
`cpe:2.3:a:microsoft:sql_server:2022::::::x64:`	sql_server	== None	== 2022
`cpe:2.3:a:microsoft:system.data.sqlclient::::::::`	system.data.sqlclient	>= None	< 4.8.6
`cpe:2.3:a:microsoft:visual_studio_2022::::::::`	visual_studio_2022	>= 17.2	< 17.2.23
`cpe:2.3:a:microsoft:visual_studio_2022::::::::`	visual_studio_2022	>= 17.4	< 17.4.15
`cpe:2.3:a:microsoft:visual_studio_2022::::::::`	visual_studio_2022	>= 17.6	< 17.6.11
`cpe:2.3:a:microsoft:visual_studio_2022::::::::`	visual_studio_2022	>= 17.8	< 17.8.4

CPE URI

Source package

Min version

Max version

cpe:2.3:a:microsoft:microsoft.data.sqlclient:*:*:*:*:*:*:*:*

microsoft.data.sqlclient

>= 2.1

< 2.1.7

cpe:2.3:a:microsoft:microsoft.data.sqlclient:*:*:*:*:*:*:*:*

microsoft.data.sqlclient

>= 3.1

< 3.1.5

cpe:2.3:a:microsoft:microsoft.data.sqlclient:*:*:*:*:*:*:*:*

microsoft.data.sqlclient

>= 4.0

< 4.0.5

cpe:2.3:a:microsoft:microsoft.data.sqlclient:*:*:*:*:*:*:*:*

microsoft.data.sqlclient

>= 5.1

< 5.1.3

cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*

sql_server

== None

== 2022

cpe:2.3:a:microsoft:system.data.sqlclient:*:*:*:*:*:*:*:*

system.data.sqlclient

>= None

< 4.8.6

cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*

visual_studio_2022

>= 17.2

< 17.2.23

cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*

visual_studio_2022

>= 17.4

< 17.4.15

cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*

visual_studio_2022

>= 17.6

< 17.6.11

cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*

visual_studio_2022

>= 17.8

< 17.8.4

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
dotnet7-runtime	edge-community	7.0.15-r0	Antoine Martin (ayakael) <dev@ayakael.net>	fixed
dotnet7-runtime	3.19-community	7.0.15-r0	Antoine Martin (ayakael) <dev@ayakael.net>	fixed
dotnet7-build	edge-community	7.0.115-r0	Antoine Martin (ayakael) <dev@ayakael.net>	fixed
dotnet7-build	3.19-community	7.0.115-r0	Antoine Martin (ayakael) <dev@ayakael.net>	fixed
dotnet6-runtime	edge-community	6.0.26-r0	Antoine Martin (ayakael) <dev@ayakael.net>	fixed
dotnet6-runtime	3.20-community	6.0.26-r0	None	fixed
dotnet6-runtime	3.19-community	6.0.26-r0	Antoine Martin (ayakael) <dev@ayakael.net>	fixed
dotnet6-build	edge-community	6.0.126-r0	Antoine Martin (ayakael) <dev@ayakael.net>	fixed
dotnet6-build	3.20-community	6.0.126-r0	None	fixed
dotnet6-build	3.19-community	6.0.126-r0	Antoine Martin (ayakael) <dev@ayakael.net>	fixed

Source package

Branch

Version

Maintainer

Status

dotnet7-runtime

edge-community

7.0.15-r0

Antoine Martin (ayakael) <dev@ayakael.net>

fixed

dotnet7-runtime

3.19-community