CVE-2017-8852

SAP SAPCAR 721.510 has a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted CAR archive file received from an untrusted remote source. The problem is that the length of data written is an arbitrary number found within the file. The vendor response is SAP Security Note 2441560.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
VendorProductVersion
sapsapcar
721.510
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/98350
https://www.coresecurity.com/advisories/sap-sapcar-heap-based-buffer-overflow-vulnerability
https://www.exploit-db.com/exploits/41991/
http://www.securityfocus.com/bid/98350
https://www.coresecurity.com/advisories/sap-sapcar-heap-based-buffer-overflow-vulnerability
https://www.exploit-db.com/exploits/41991/