What is CVE-2023-40308?

CVE-2023-40308 is a vulnerability in SAP CommonCryptoLib that allows an unauthenticated attacker to cause a memory corruption error, resulting in a crash of the target component.

What is the severity of CVE-2023-40308?

CVE-2023-40308 has a severity value of 7.5, which is classified as high severity.

Which software products are affected by CVE-2023-40308?

SAP CommonCryptoLib, SAP Content Server, Sap Extended Application Services And Runtime, SAP Hana Database, SAP Host Agent, and SAP NetWeaver Application Server ABAP and Java are among the software products affected by CVE-2023-40308.

How can I mitigate CVE-2023-40308?

Mitigate CVE-2023-40308 by applying the necessary patches or updates provided by SAP and following the recommended security practices.

Vulnerability/
CVE-2023-40308

high

7.5

CWE

476

12/9/2023

15/9/2023

CVE-2023-40308: Null Pointer Dereference

First published: Tue Sep 12 2023(Updated: )

SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any information.

Credit: cna@sap.com cna@sap.com

Affected Software	Affected Version	How to fix
SAP CommonCryptoLib	=8.0.0
SAP Content Server	=6.50
SAP Content Server	=7.53
SAP Content Server	=7.54
Sap Extended Application Services And Runtime	=1.0
SAP HANA Database	=2.0
Sap Host Agent	=722
SAP NetWeaver Application Server ABAP	=7.22ext
SAP NetWeaver Application Server ABAP	=kernel_7.22
SAP NetWeaver Application Server ABAP	=kernel_7.53
SAP NetWeaver Application Server ABAP	=kernel_7.54
SAP NetWeaver Application Server ABAP	=kernel_7.77
SAP NetWeaver Application Server ABAP	=kernel_7.85
SAP NetWeaver Application Server ABAP	=kernel_7.89
SAP NetWeaver Application Server ABAP	=kernel_7.91
SAP NetWeaver Application Server ABAP	=kernel_7.92
SAP NetWeaver Application Server ABAP	=kernel_7.93
SAP NetWeaver Application Server ABAP	=kernel_8.04
SAP NetWeaver Application Server ABAP	=kernel64nuc_7.22
SAP NetWeaver Application Server ABAP	=kernel64nuc_7.22ext
SAP NetWeaver Application Server ABAP	=kernel64uc_7.22
SAP NetWeaver Application Server ABAP	=kernel64uc_7.22ext
SAP NetWeaver Application Server ABAP	=kernel64uc_7.53
SAP NetWeaver Application Server ABAP	=kernel64uc_8.04
SAP NetWeaver Application Server Java	=kernel_7.22
SAP NetWeaver Application Server Java	=kernel_7.53
SAP NetWeaver Application Server Java	=kernel_7.54
SAP NetWeaver Application Server Java	=kernel_7.77
SAP NetWeaver Application Server Java	=kernel_7.85
SAP NetWeaver Application Server Java	=kernel_7.89
SAP NetWeaver Application Server Java	=kernel_7.91
SAP NetWeaver Application Server Java	=kernel_7.92
SAP NetWeaver Application Server Java	=kernel_7.93
SAP NetWeaver Application Server Java	=kernel_8.04
SAP NetWeaver Application Server Java	=kernel64nuc_7.22
SAP NetWeaver Application Server Java	=kernel64nuc_7.22ext
SAP NetWeaver Application Server Java	=kernel64uc_7.22
SAP NetWeaver Application Server Java	=kernel64uc_7.22ext
SAP NetWeaver Application Server Java	=kernel64uc_7.53
SAP NetWeaver Application Server Java	=kernel64uc_8.04
Sap Sapssoext	=17.0
SAP Web Dispatcher	=7.22ext
SAP Web Dispatcher	=7.53
SAP Web Dispatcher	=7.54
SAP Web Dispatcher	=7.77
SAP Web Dispatcher	=7.85
SAP Web Dispatcher	=7.89

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-40308?
CVE-2023-40308 is a vulnerability in SAP CommonCryptoLib that allows an unauthenticated attacker to cause a memory corruption error, resulting in a crash of the target component.
How does CVE-2023-40308 affect SAP CommonCryptoLib?
CVE-2023-40308 affects SAP CommonCryptoLib by allowing an unauthenticated attacker to craft a request, which when submitted to an open port, causes a memory corruption error.
What is the severity of CVE-2023-40308?
CVE-2023-40308 has a severity value of 7.5, which is classified as high severity.
Which software products are affected by CVE-2023-40308?
SAP CommonCryptoLib, SAP Content Server, Sap Extended Application Services And Runtime, SAP Hana Database, SAP Host Agent, and SAP NetWeaver Application Server ABAP and Java are among the software products affected by CVE-2023-40308.
How can I mitigate CVE-2023-40308?
Mitigate CVE-2023-40308 by applying the necessary patches or updates provided by SAP and following the recommended security practices.

agent/author
agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/severity
agent/softwarecombine
agent/tags
agent/type
agent/weakness
collector/nvd-api
collector/nvd-index
vendor/sap
canonical/sap commoncryptolib
version/sap commoncryptolib/8.0.0
canonical/sap content server
version/sap content server/6.50
version/sap content server/7.53
version/sap content server/7.54
canonical/sap extended application services and runtime
version/sap extended application services and runtime/1.0
canonical/sap hana database
version/sap hana database/2.0
canonical/sap host agent
version/sap host agent/722
canonical/sap netweaver application server abap
version/sap netweaver application server abap/7.22ext
version/sap netweaver application server abap/kernel_7.22
version/sap netweaver application server abap/kernel_7.53
version/sap netweaver application server abap/kernel_7.54
version/sap netweaver application server abap/kernel_7.77
version/sap netweaver application server abap/kernel_7.85
version/sap netweaver application server abap/kernel_7.89
version/sap netweaver application server abap/kernel_7.91
version/sap netweaver application server abap/kernel_7.92
version/sap netweaver application server abap/kernel_7.93
version/sap netweaver application server abap/kernel_8.04
version/sap netweaver application server abap/kernel64nuc_7.22
version/sap netweaver application server abap/kernel64nuc_7.22ext
version/sap netweaver application server abap/kernel64uc_7.22
version/sap netweaver application server abap/kernel64uc_7.22ext
version/sap netweaver application server abap/kernel64uc_7.53
version/sap netweaver application server abap/kernel64uc_8.04
canonical/sap netweaver application server java
version/sap netweaver application server java/kernel_7.22
version/sap netweaver application server java/kernel_7.53
version/sap netweaver application server java/kernel_7.54
version/sap netweaver application server java/kernel_7.77
version/sap netweaver application server java/kernel_7.85
version/sap netweaver application server java/kernel_7.89
version/sap netweaver application server java/kernel_7.91
version/sap netweaver application server java/kernel_7.92
version/sap netweaver application server java/kernel_7.93
version/sap netweaver application server java/kernel_8.04
version/sap netweaver application server java/kernel64nuc_7.22
version/sap netweaver application server java/kernel64nuc_7.22ext
version/sap netweaver application server java/kernel64uc_7.22
version/sap netweaver application server java/kernel64uc_7.22ext
version/sap netweaver application server java/kernel64uc_7.53
version/sap netweaver application server java/kernel64uc_8.04
canonical/sap sapssoext
version/sap sapssoext/17.0
canonical/sap web dispatcher
version/sap web dispatcher/7.22ext
version/sap web dispatcher/7.53
version/sap web dispatcher/7.54
version/sap web dispatcher/7.77
version/sap web dispatcher/7.85
version/sap web dispatcher/7.89

CVE-2023-40308: Null Pointer Dereference

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-40308?

How does CVE-2023-40308 affect SAP CommonCryptoLib?

What is the severity of CVE-2023-40308?

Which software products are affected by CVE-2023-40308?

How can I mitigate CVE-2023-40308?

Company

Resources

Contact