CVE-2022-35299: Buffer Overflow
First published: Tue Oct 11 2022(Updated: )
SAP SQL Anywhere - version 17.0, and SAP IQ - version 16.1, allows an attacker to leverage logical errors in memory management to cause a memory corruption, such as Stack-based buffer overflow.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sap Sap Iq | =16.1 | |
| SAP SQL Anywhere | =17.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-35299?
CVE-2022-35299 is a vulnerability in SAP SQL Anywhere version 17.0 and SAP IQ version 16.1 that allows an attacker to cause a memory corruption through logical errors in memory management, such as a stack-based buffer overflow.
How severe is CVE-2022-35299?
CVE-2022-35299 has a severity rating of 9.8 out of 10, which is considered critical.
Which software versions are affected by CVE-2022-35299?
SAP SQL Anywhere version 17.0 and SAP IQ version 16.1 are affected by CVE-2022-35299.
How can an attacker exploit CVE-2022-35299?
An attacker can leverage logical errors in memory management to exploit CVE-2022-35299 and cause a memory corruption, such as a stack-based buffer overflow.
Are there any references for CVE-2022-35299?
Yes, you can find more information about CVE-2022-35299 in the following references: [SAP Note 3232021](https://launchpad.support.sap.com/#/notes/3232021) and [SAP document](https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html).
- collector/nvd-index
- vendor/sap
- canonical/sap sap iq
- version/sap sap iq/16.1
- canonical/sap sql anywhere
- version/sap sql anywhere/17.0