Main Vulnerability Database Vulnerabilities #VU6510

#VU6510 Heap-based buffer overflow in SAPCAR - CVE-2017-8852

Published: May 11, 2017 / Updated: September 14, 2018

Vulnerability identifier: #VU6510

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2017-8852

CWE-ID: CWE-122

Exploitation vector: Local access

Exploit availability: Public exploit is available

Vulnerable software:
SAPCAR

Software vendor:
SAP

Description

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The vulnerability exists due to heap-based buffer overflow when parsing malicious content. A local attacker can submit a specially crafted CAR archive file, trigger memory corruption and execute arbitrary code on the target system with root privileges.

Successful exploitation of this vulnerability may result in system compromise.

Remediation

Install update from vendor's website.

External links

https://www.coresecurity.com/advisories/sap-sapcar-heap-based-buffer-overflow-vulnerability

#VU6510 Heap-based buffer overflow in SAPCAR - CVE-2017-8852

Description

Remediation

External links

Please verify you're human