CVE-2017-8852

EUVD-2017-17794
SAP SAPCAR 721.510 has a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted CAR archive file received from an untrusted remote source. The problem is that the length of data written is an arbitrary number found within the file. The vendor response is SAP Security Note 2441560.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 81%
Affected Products (NVD)
VendorProductVersion
sapsapcar
721.510
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/98350
https://www.coresecurity.com/advisories/sap-sapcar-heap-based-buffer-overflow-vulnerability
https://www.exploit-db.com/exploits/41991/
http://www.securityfocus.com/bid/98350
https://www.coresecurity.com/advisories/sap-sapcar-heap-based-buffer-overflow-vulnerability
https://www.exploit-db.com/exploits/41991/