CVE-2022-22533: Use After Free
First published: Wed Feb 09 2022(Updated: )
Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. This could result in system shutdown rendering the system unavailable.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP NetWeaver Application Server Java | =7.22 | |
| SAP NetWeaver Application Server Java | =7.49 | |
| SAP NetWeaver Application Server Java | =7.53 | |
| SAP NetWeaver Application Server Java | =krnl64nuc_7.22 | |
| SAP NetWeaver Application Server Java | =krnl64nuc_7.22ext | |
| SAP NetWeaver Application Server Java | =krnl64nuc_7.49 | |
| SAP NetWeaver Application Server Java | =krnl64uc_7.22 | |
| SAP NetWeaver Application Server Java | =krnl64uc_7.22ext | |
| SAP NetWeaver Application Server Java | =krnl64uc_7.49 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-22533?
The severity of CVE-2022-22533 is high with a severity value of 7.5.
Which versions of SAP NetWeaver Application Server Java are affected by CVE-2022-22533?
CVE-2022-22533 affects SAP NetWeaver Application Server Java versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.49, 7.53, and KERNEL 7.22, 7.49, 7.53.
What is the vulnerability description of CVE-2022-22533?
CVE-2022-22533 is a vulnerability in SAP NetWeaver Application Server Java that allows an attacker to submit multiple HTTP server requests causing memory buffer consumption.
How can I fix CVE-2022-22533?
To fix CVE-2022-22533, it is recommended to apply the necessary patches and updates provided by SAP.
Where can I find more information about CVE-2022-22533?
More information about CVE-2022-22533 can be found in the SAP notes at https://launchpad.support.sap.com/#/notes/3123427 and the document at https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/sap
- canonical/sap netweaver application server java
- version/sap netweaver application server java/7.22
- version/sap netweaver application server java/7.49
- version/sap netweaver application server java/7.53
- version/sap netweaver application server java/krnl64nuc_7.22
- version/sap netweaver application server java/krnl64nuc_7.22ext
- version/sap netweaver application server java/krnl64nuc_7.49
- version/sap netweaver application server java/krnl64uc_7.22
- version/sap netweaver application server java/krnl64uc_7.22ext
- version/sap netweaver application server java/krnl64uc_7.49