CVE-2023-40308: Memory Corruption vulnerability in SAP CommonCryptoLib
First published: Tue Sep 12 2023(Updated: )
SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any information.
Credit: cna@sap.com cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP CommonCryptoLib | =8.0.0 | |
| SAP Content Server | =6.50 | |
| SAP Content Server | =7.53 | |
| SAP Content Server | =7.54 | |
| Sap Extended Application Services And Runtime | =1.0 | |
| SAP HANA Database | =2.0 | |
| Sap Host Agent | =722 | |
| SAP NetWeaver Application Server ABAP | =7.22ext | |
| SAP NetWeaver Application Server ABAP | =kernel_7.22 | |
| SAP NetWeaver Application Server ABAP | =kernel_7.53 | |
| SAP NetWeaver Application Server ABAP | =kernel_7.54 | |
| SAP NetWeaver Application Server ABAP | =kernel_7.77 | |
| SAP NetWeaver Application Server ABAP | =kernel_7.85 | |
| SAP NetWeaver Application Server ABAP | =kernel_7.89 | |
| SAP NetWeaver Application Server ABAP | =kernel_7.91 | |
| SAP NetWeaver Application Server ABAP | =kernel_7.92 | |
| SAP NetWeaver Application Server ABAP | =kernel_7.93 | |
| SAP NetWeaver Application Server ABAP | =kernel_8.04 | |
| SAP NetWeaver Application Server ABAP | =kernel64nuc_7.22 | |
| SAP NetWeaver Application Server ABAP | =kernel64nuc_7.22ext | |
| SAP NetWeaver Application Server ABAP | =kernel64uc_7.22 | |
| SAP NetWeaver Application Server ABAP | =kernel64uc_7.22ext | |
| SAP NetWeaver Application Server ABAP | =kernel64uc_7.53 | |
| SAP NetWeaver Application Server ABAP | =kernel64uc_8.04 | |
| SAP NetWeaver Application Server Java | =kernel_7.22 | |
| SAP NetWeaver Application Server Java | =kernel_7.53 | |
| SAP NetWeaver Application Server Java | =kernel_7.54 | |
| SAP NetWeaver Application Server Java | =kernel_7.77 | |
| SAP NetWeaver Application Server Java | =kernel_7.85 | |
| SAP NetWeaver Application Server Java | =kernel_7.89 | |
| SAP NetWeaver Application Server Java | =kernel_7.91 | |
| SAP NetWeaver Application Server Java | =kernel_7.92 | |
| SAP NetWeaver Application Server Java | =kernel_7.93 | |
| SAP NetWeaver Application Server Java | =kernel_8.04 | |
| SAP NetWeaver Application Server Java | =kernel64nuc_7.22 | |
| SAP NetWeaver Application Server Java | =kernel64nuc_7.22ext | |
| SAP NetWeaver Application Server Java | =kernel64uc_7.22 | |
| SAP NetWeaver Application Server Java | =kernel64uc_7.22ext | |
| SAP NetWeaver Application Server Java | =kernel64uc_7.53 | |
| SAP NetWeaver Application Server Java | =kernel64uc_8.04 | |
| Sap Sapssoext | =17.0 | |
| SAP Web Dispatcher | =7.22ext | |
| SAP Web Dispatcher | =7.53 | |
| SAP Web Dispatcher | =7.54 | |
| SAP Web Dispatcher | =7.77 | |
| SAP Web Dispatcher | =7.85 | |
| SAP Web Dispatcher | =7.89 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-40308?
CVE-2023-40308 is a vulnerability in SAP CommonCryptoLib that allows an unauthenticated attacker to cause a memory corruption error, resulting in a crash of the target component.
How does CVE-2023-40308 affect SAP CommonCryptoLib?
CVE-2023-40308 affects SAP CommonCryptoLib by allowing an unauthenticated attacker to craft a request, which when submitted to an open port, causes a memory corruption error.
What is the severity of CVE-2023-40308?
CVE-2023-40308 has a severity value of 7.5, which is classified as high severity.
Which software products are affected by CVE-2023-40308?
SAP CommonCryptoLib, SAP Content Server, Sap Extended Application Services And Runtime, SAP Hana Database, SAP Host Agent, and SAP NetWeaver Application Server ABAP and Java are among the software products affected by CVE-2023-40308.
How can I mitigate CVE-2023-40308?
Mitigate CVE-2023-40308 by applying the necessary patches or updates provided by SAP and following the recommended security practices.
- collector/nvd-index
- agent/references
- agent/author
- agent/type
- agent/softwarecombine
- agent/weakness
- agent/severity
- agent/title
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/sap
- canonical/sap commoncryptolib
- version/sap commoncryptolib/8.0.0
- canonical/sap content server
- version/sap content server/6.50
- version/sap content server/7.53
- version/sap content server/7.54
- canonical/sap extended application services and runtime
- version/sap extended application services and runtime/1.0
- canonical/sap hana database
- version/sap hana database/2.0
- canonical/sap host agent
- version/sap host agent/722
- canonical/sap netweaver application server abap
- version/sap netweaver application server abap/7.22ext
- version/sap netweaver application server abap/kernel_7.22
- version/sap netweaver application server abap/kernel_7.53
- version/sap netweaver application server abap/kernel_7.54
- version/sap netweaver application server abap/kernel_7.77
- version/sap netweaver application server abap/kernel_7.85
- version/sap netweaver application server abap/kernel_7.89
- version/sap netweaver application server abap/kernel_7.91
- version/sap netweaver application server abap/kernel_7.92
- version/sap netweaver application server abap/kernel_7.93
- version/sap netweaver application server abap/kernel_8.04
- version/sap netweaver application server abap/kernel64nuc_7.22
- version/sap netweaver application server abap/kernel64nuc_7.22ext
- version/sap netweaver application server abap/kernel64uc_7.22
- version/sap netweaver application server abap/kernel64uc_7.22ext
- version/sap netweaver application server abap/kernel64uc_7.53
- version/sap netweaver application server abap/kernel64uc_8.04
- canonical/sap netweaver application server java
- version/sap netweaver application server java/kernel_7.22
- version/sap netweaver application server java/kernel_7.53
- version/sap netweaver application server java/kernel_7.54
- version/sap netweaver application server java/kernel_7.77
- version/sap netweaver application server java/kernel_7.85
- version/sap netweaver application server java/kernel_7.89
- version/sap netweaver application server java/kernel_7.91
- version/sap netweaver application server java/kernel_7.92
- version/sap netweaver application server java/kernel_7.93
- version/sap netweaver application server java/kernel_8.04
- version/sap netweaver application server java/kernel64nuc_7.22
- version/sap netweaver application server java/kernel64nuc_7.22ext
- version/sap netweaver application server java/kernel64uc_7.22
- version/sap netweaver application server java/kernel64uc_7.22ext
- version/sap netweaver application server java/kernel64uc_7.53
- version/sap netweaver application server java/kernel64uc_8.04
- canonical/sap sapssoext
- version/sap sapssoext/17.0
- canonical/sap web dispatcher
- version/sap web dispatcher/7.22ext
- version/sap web dispatcher/7.53
- version/sap web dispatcher/7.54
- version/sap web dispatcher/7.77
- version/sap web dispatcher/7.85
- version/sap web dispatcher/7.89