Main Vulnerability Database Vulnerabilities #VU6510

Heap-based buffer overflow in SAPCAR - CVE-2017-8852

Published: May 11, 2017 / Updated: September 14, 2018

Vulnerability identifier: #VU6510

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2017-8852

CWE-ID: CWE-122

Exploitation vector: Local access

Exploit availability: Public exploit is available

Vendor: SAP

Affected software:
SAPCAR

Detailed vulnerability description

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The vulnerability exists due to heap-based buffer overflow when parsing malicious content. A local attacker can submit a specially crafted CAR archive file, trigger memory corruption and execute arbitrary code on the target system with root privileges.

Successful exploitation of this vulnerability may result in system compromise.

How to mitigate CVE-2017-8852

Install update from vendor's website.

Sources

https://www.coresecurity.com/advisories/sap-sapcar-heap-based-buffer-overflow-vulnerability

Heap-based buffer overflow in SAPCAR - CVE-2017-8852

Detailed vulnerability description

How to mitigate CVE-2017-8852

Sources

Please verify you're human