First published: Wed May 10 2017
SAP SAPCAR 721.510 has a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted CAR archive file received from an untrusted remote source. The problem is that the length of data written is an arbitrary number found within the file. The vendor response is SAP Security Note 2441560.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
SAP SAPCAR Archive Tool | =721.510 | |
CVE-2017-8852 is categorized as a high-severity vulnerability due to the potential for remote code execution from a crafted CAR archive.
To mitigate CVE-2017-8852, users should upgrade to a patched version of SAPCAR as recommended in SAP Security Note 2441560.
CVE-2017-8852 is a heap-based buffer overflow vulnerability affecting SAP SAPCAR version 721.510.
Exploitation of CVE-2017-8852 could allow an attacker to execute arbitrary code on the target system, leading to complete system compromise.
CVE-2017-8852 affects SAP SAPCAR version 721.510.
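The root cause named in the description, a write length taken directly from the archive, is shown below next to its bounds-checked form. This is an added example, not SAP's code: the record layout (4-byte little-endian length, then payload) is hypothetical and is not the real CAR format, which this page does not describe, and `BLOCK_CAP`, `copy_block_unchecked`, `copy_block_checked` and `run_case` are illustrative names.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define BLOCK_CAP 64u /* size of the heap buffer that receives one block */
enum { BLK_OK = 0, BLK_TRUNCATED = -1, BLK_TOO_LARGE = -2 };

/* Hypothetical record: 4-byte little-endian length, then payload (assumed). */
static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Flawed pattern: the copy size is whatever number the file contains. */
size_t copy_block_unchecked(const uint8_t *in, uint8_t *out) {
    uint32_t n = read_le32(in);
    memcpy(out, in + 4, n); /* n > BLOCK_CAP writes past the allocation */
    return n;
}

/* Hardened pattern: validate the declared length against the bytes really
 * present and against the destination capacity before copying anything. */
int copy_block_checked(const uint8_t *in, size_t in_len,
                       uint8_t *out, size_t out_cap, size_t *written) {
    if (in_len < 4) return BLK_TRUNCATED;
    uint32_t n = read_le32(in);
    if (n > in_len - 4) return BLK_TRUNCATED; /* length exceeds the input */
    if (n > out_cap) return BLK_TOO_LARGE;    /* length exceeds the buffer */
    memcpy(out, in + 4, n);
    *written = n;
    return BLK_OK;
}

/* Constructed record: `declared` in the header, `present` (<= 256) bytes. */
int run_case(uint32_t declared, size_t present) {
    uint8_t rec[4 + 256] = { (uint8_t)declared, (uint8_t)(declared >> 8),
                             (uint8_t)(declared >> 16), (uint8_t)(declared >> 24) };
    uint8_t *heap_buf = malloc(BLOCK_CAP);
    size_t written = 0;
    if (!heap_buf || present > 256) { free(heap_buf); return BLK_TRUNCATED; }
    memset(rec + 4, 'A', present);
    int rc = copy_block_checked(rec, 4 + present, heap_buf, BLOCK_CAP, &written);
    free(heap_buf);
    return rc;
}

int main(void) {
    printf("%d %d %d\n", run_case(5, 5), run_case(100, 100), run_case(65535, 2));
    return 0;
}
```

The unchecked function is included only for contrast and is never called. Each case in `run_case` goes through the checked path, which rejects a declared length before any byte is written.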