Heap Based Buffer Overflow in SAP SAPCAR by SAP
CVE-2017-8852

7.8HIGH

Key Information:

Vendor

SAP
Status
SAPcar
Vendor
CVE Published:
10 May 2017

What is CVE-2017-8852?

SAP SAPCAR 721.510 is vulnerable to a heap based buffer overflow that can be triggered when processing a specially crafted CAR archive file received from an untrusted source. The exploit occurs due to the arbitrary length of data written, which can lead to unexpected behavior and potential malicious execution. It is strongly recommended to apply SAP Security Note 2441560 to mitigate this vulnerability.

References

https://www.coresecurity.com/advisories/sap-sapcar-heap-b...
x_refsource_MISC
https://www.exploit-db.com/exploits/41991/
exploitx_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/98350
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.