46,248 questions
is CVE-2022-37434 relevant for ODBC Driver for SQL Server?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 11%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EOC%3C/text%3E%3C/svg%3E)
Oliver C
0
Reputation points
Hi,
our Black Duck Binary Analysis reported ODBC Driver for SQL Server as security risk as it contains zlib library version 1.2.11 which contains vulnerability described in CVE-2022-37434.
we would like to ask if this vulnerability is relevant for ODBC driver (if odbc driver uses inflateGetHeader call) and if it is relevant when we can expect new version of ODBC Driver for SQL Server with updated zlib to be released.
Regards,
Cernansky
SAP Business One Developer
Community Center | Not monitored
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 2%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESX%3C/text%3E%3C/svg%3E)
Seeya Xi-MSFT 16,586 Reputation points2023-03-24T02:41:47.11+00:00 Hi Oliver C,
Microsoft has not yet provided any information about when an updated version of the driver with an updated zlib library might be released. You can post this question to the feedback site where someone from the product team will see it.
https://feedback.azure.com/d365community/forum/04fe6ee0-3b25-ec11-b6e6-000d3a4f0da0
Best regards,
Seeya
-
Oliver C 0 Reputation points
2023-03-24T07:53:13.6866667+00:00 HI Seeya,
thank you for your answer.
this feedback site looks to be more suited for suggestions and ideas, my questions is more of a security issue.
if possible could you advice who to contact regarding security questions for ODBC Driver? maybe development team?
we just need to know if ODBC Driver is affected by CVE-2022-37434 or not.
Regards,
Oliver
-
Seeya Xi-MSFT 16,586 Reputation points
2023-03-24T08:32:50.14+00:00 Hi @Oliver C,
You could try posting this on the feedback site and someone from the product team might contact the development staff.
Best regards,
Seeya
Sign in to comment
Sign in to answer