Vulnerability CVE-2017-8852
Published: 2017-05-10

Description:
SAP SAPCAR 721.510 has a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted CAR archive file received from an untrusted remote source. The problem is that the length of data written is an arbitrary number found within the file. The vendor response is SAP Security Note 2441560.

See advisories in our WLB2 database:
Topic
Author
Date
High
SAP SAPCAR Heap Based Buffer Overflow Vulnerability
SAP
11.05.2017

Type:

CWE-122

 (Heap-based Buffer Overflow)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
SAP -> Sapcar 

 References:
http://www.securityfocus.com/bid/98350
https://www.coresecurity.com/advisories/sap-sapcar-heap-based-buffer-overflow-vulnerability
Copyright 2024, cxsecurity.com

 

Back to Top