CVE-2017-8852

7.8HIGH

Key Information:

Vendor
SAP
Status
SAPcar
Vendor
CVE Published:
10 May 2017

Summary

SAP SAPCAR 721.510 has a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted CAR archive file received from an untrusted remote source. The problem is that the length of data written is an arbitrary number found within the file. The vendor response is SAP Security Note 2441560.

References

https://www.coresecurity.com/advisories/sap-sapcar-heap-b...
x_refsource_MISC
https://www.exploit-db.com/exploits/41991/
exploitx_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/98350
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.