CVE-2024-0056 - OpenCVE

Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	.net .net Framework System.data.sqlclient Data Sql Client Microsoft.data.sqlclient Sql Server System.data.sqlclient Visual Studio Visual Studio 2022 Windows 10 1607 Windows 10 1809 Windows 10 21h2 Windows 10 22h2 Windows 11 21h2 Windows 11 22h2 Windows 11 23h2 Windows Server 2008 Windows Server 2012 Windows Server 2016 Windows Server 2019 Windows Server 2022 Windows Server 2022 23h2
Redhat	Enterprise Linux Rhel Dotnet

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:microsoft.data.sqlclient::::::::
	cpe:2.3:a:microsoft:microsoft.data.sqlclient::::::::
	cpe:2.3:a:microsoft:microsoft.data.sqlclient::::::::
	cpe:2.3:a:microsoft:microsoft.data.sqlclient::::::::
	cpe:2.3:a:microsoft:sql_server:2022::::::x64:
	cpe:2.3:a:microsoft:sql_server:2022:cumulative_update_10::::::
	cpe:2.3:a:microsoft:system.data.sqlclient::::::::
	cpe:2.3:a:microsoft:visual_studio_2022::::::::
	cpe:2.3:a:microsoft:visual_studio_2022::::::::
	cpe:2.3:a:microsoft:visual_studio_2022::::::::
	cpe:2.3:a:microsoft:visual_studio_2022::::::::

Configuration 2 [-]

AND

OR	cpe:2.3:o:microsoft:windows_10_1607:-::::::x64:
	cpe:2.3:o:microsoft:windows_10_1607:-::::::x86:
	cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:::::x64:*
	cpe:2.3:o:microsoft:windows_server_2012:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2012:r2:::::::*
	cpe:2.3:o:microsoft:windows_server_2016:-:::::::*

cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*

cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*

Configuration 4 [-]

AND

OR	cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:::::x64:*
	cpe:2.3:o:microsoft:windows_server_2012:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2012:r2:::::::*

OR	cpe:2.3:a:microsoft:.net_framework:4.6.2:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7.1:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7.2:::::::*

Configuration 5 [-]

AND

OR	cpe:2.3:o:microsoft:windows_10_1809:-::::::x64:
	cpe:2.3:o:microsoft:windows_10_1809:-::::::x86:
	cpe:2.3:o:microsoft:windows_10_21h2:-::::::arm64:
	cpe:2.3:o:microsoft:windows_10_21h2:-::::::x64:
	cpe:2.3:o:microsoft:windows_10_21h2:-::::::x86:
	cpe:2.3:o:microsoft:windows_10_22h2:-::::::arm64:
	cpe:2.3:o:microsoft:windows_10_22h2:-::::::x64:
	cpe:2.3:o:microsoft:windows_10_22h2:-::::::x86:
	cpe:2.3:o:microsoft:windows_11_21h2:-::::::arm64:
	cpe:2.3:o:microsoft:windows_11_21h2:-::::::x64:
	cpe:2.3:o:microsoft:windows_11_22h2:-::::::arm64:
	cpe:2.3:o:microsoft:windows_11_22h2:-::::::x64:
	cpe:2.3:o:microsoft:windows_11_23h2:-::::::arm64:
	cpe:2.3:o:microsoft:windows_11_23h2:-::::::x64:
	cpe:2.3:o:microsoft:windows_server_2019:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2022:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2022_23h2:-:::::::*

OR	cpe:2.3:a:microsoft:.net_framework:3.5:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.8.1:::::::*

Configuration 6 [-]

AND

OR	cpe:2.3:o:microsoft:windows_10_1809:-::::::x64:
	cpe:2.3:o:microsoft:windows_10_1809:-::::::x86:
	cpe:2.3:o:microsoft:windows_10_21h2:-::::::arm64:
	cpe:2.3:o:microsoft:windows_10_21h2:-::::::x64:
	cpe:2.3:o:microsoft:windows_10_21h2:-::::::x86:
	cpe:2.3:o:microsoft:windows_10_22h2:-::::::arm64:
	cpe:2.3:o:microsoft:windows_10_22h2:-::::::x64:
	cpe:2.3:o:microsoft:windows_10_22h2:-::::::x86:
	cpe:2.3:o:microsoft:windows_11_21h2:-::::::arm64:
	cpe:2.3:o:microsoft:windows_11_21h2:-::::::x64:
	cpe:2.3:o:microsoft:windows_11_22h2:-::::::arm64:
	cpe:2.3:o:microsoft:windows_11_22h2:-::::::x64:
	cpe:2.3:o:microsoft:windows_server_2019:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2022:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2022_23h2:-:::::::*

OR	cpe:2.3:a:microsoft:.net_framework::::::::
	cpe:2.3:a:microsoft:.net_framework:3.5:::::::*

Configuration 7 [-]

AND

OR	cpe:2.3:o:microsoft:windows_10_1607:-::::::x64:
	cpe:2.3:o:microsoft:windows_10_1607:-::::::x86:
	cpe:2.3:o:microsoft:windows_10_1809:-::::::arm64:
	cpe:2.3:o:microsoft:windows_10_1809:-::::::x64:
	cpe:2.3:o:microsoft:windows_10_1809:-::::::x86:
	cpe:2.3:o:microsoft:windows_server_2016:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2019:-:::::::*

OR	cpe:2.3:a:microsoft:.net_framework:3.5:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7.2:::::::*

Configuration 8 [-]

AND

cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*

cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*

Configuration 9 [-]

OR	cpe:2.3:a:microsoft:.net::::::::
	cpe:2.3:a:microsoft:.net::::::::
	cpe:2.3:a:microsoft:.net:8.0.0:-::::::

Package	CPE	Advisory	Released Date
.NET Core on Red Hat Enterprise Linux
rh-dotnet60-dotnet-0:6.0.126-1.el7_9	cpe:/a:redhat:rhel_dotnet:6.0::el7	RHSA-2024:0255	2024-01-15T00:00:00Z
Red Hat Enterprise Linux 8
dotnet8.0-0:8.0.101-1.el8_9	cpe:/a:redhat:enterprise_linux:8	RHSA-2024:0150	2024-01-10T00:00:00Z
dotnet7.0-0:7.0.115-1.el8_9	cpe:/a:redhat:enterprise_linux:8	RHSA-2024:0157	2024-01-10T00:00:00Z
dotnet6.0-0:6.0.126-1.el8_9	cpe:/a:redhat:enterprise_linux:8	RHSA-2024:0158	2024-01-10T00:00:00Z
Red Hat Enterprise Linux 9
dotnet7.0-0:7.0.115-1.el9_3	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:0151	2024-01-10T00:00:00Z
dotnet8.0-0:8.0.101-1.el9_3	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:0152	2024-01-10T00:00:00Z
dotnet6.0-0:6.0.126-1.el9_3	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:0156	2024-01-10T00:00:00Z

References

Link	Providers
https://github.com/dotnet/core/blob/ce802c56fde3abe2ae14ad09a1b8991b6709c18b/release-notes/6.0/6.0.26/6.0.26.md
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0056
https://nvd.nist.gov/vuln/detail/CVE-2024-0056
https://www.cve.org/CVERecord?id=CVE-2024-0056

History

No history.

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2024-01-09T17:56:58.972Z

Updated: 2024-08-01T17:41:15.885Z

Reserved: 2023-11-22T17:43:06.743Z

Link: CVE-2024-0056

Vulnrichment

No data.

NVD

Status : Modified

Published: 2024-01-09T18:15:46.783

Modified: 2024-05-29T00:15:10.920

Link: CVE-2024-0056

Redhat

Severity : Important

Publid Date: 2024-01-09T00:00:00Z

Links: CVE-2024-0056 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object