CVE-2017-8852: Buffer Overflow
First published: Wed May 10 2017(Updated: )
SAP SAPCAR 721.510 has a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted CAR archive file received from an untrusted remote source. The problem is that the length of data written is an arbitrary number found within the file. The vendor response is SAP Security Note 2441560.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP SAPCAR Archive Tool | =721.510 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-8852?
CVE-2017-8852 is categorized as a high-severity vulnerability due to the potential for remote code execution from a crafted CAR archive.
How do I fix CVE-2017-8852?
To mitigate CVE-2017-8852, users should upgrade to a patched version of SAPCAR as recommended in SAP Security Note 244.
What type of vulnerability is CVE-2017-8852?
CVE-2017-8852 is a heap-based buffer overflow vulnerability affecting SAP SAPCAR version 721.510.
What are the potential impacts of exploiting CVE-2017-8852?
Exploitation of CVE-2017-8852 could allow an attacker to execute arbitrary code on the target system, leading to complete system compromise.
Which version of SAP is affected by CVE-2017-8852?
CVE-2017-8852 affects SAP SAPCAR version 721.510.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/severity
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- vendor/sap
- canonical/sap sapcar archive tool
- version/sap sapcar archive tool/721.510