Stack-Based Buffer Overflow in SAP SQL Anywhere Data Provider
CVE-2014-9264

Currently unrated

Key Information:

Vendor: SAP
Status: Sql Anywhere
Vendor: CVE Published:; 11 December 2014

What is CVE-2014-9264?

A stack-based buffer overflow vulnerability exists in the .NET Data Provider for SAP SQL Anywhere. This flaw allows remote attackers to execute arbitrary code on affected systems by exploiting a crafted column alias. Successful exploitation could lead to unauthorized actions and compromising of system integrity, highlighting the necessity for timely updates and implementation of security best practices.

References

http://www.zerodayinitiative.com/advisories/ZDI-14-413/

x_refsource_MISC

http://www.zerodayinitiative.com/advisories/ZDI-14-412/

x_refsource_MISC

http://www.zerodayinitiative.com/advisories/ZDI-14-414/

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 11, 2014
Vulnerability Reserved
Dec 4, 2014