Vulnerability Details CVE-2017-8852
SAP SAPCAR 721.510 has a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted CAR archive file received from an untrusted remote source. The problem is that the length of data written is an arbitrary number found within the file. The vendor response is SAP Security Note 2441560.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.02
EPSS Ranking 82.9%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.8
References
- http://www.securityfocus.com/bid/98350
- https://www.coresecurity.com/advisories/sap-sapcar-heap-based-buffer-overflow-vulnerability
- https://www.exploit-db.com/exploits/41991/
- http://www.securityfocus.com/bid/98350
- https://www.coresecurity.com/advisories/sap-sapcar-heap-based-buffer-overflow-vulnerability
- https://www.exploit-db.com/exploits/41991/