HIGH🇬🇧 English

CVE-2017-8852

CVSS 7.8v3.0pub. 2017-05-10upd. 2026-05-13

SAP SAPCAR 721.510 has a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted CAR archive file received from an untrusted remote source. The problem is that the length of data written is an arbitrary number found within the file. The vendor response is SAP Security Note 2441560.

oryginał EN
CVSS Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Sap Sapcar

    APP
    Sap
    721.510
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Memory
CWE
Referencje

Powiązane podatności

CVE-2022-26100CRITICAL9.8ten sam produkt

SAPCAR - version 7.22, does not contain sufficient input validation on the SAPCAR archive. As a result, the SA...

CVE-2016-5845MEDIUM5.5ten sam produkt

SAP SAPCAR does not check the return value of file operations when extracting files, which allows remote attac...

CVE-2025-42999CRITICAL9.1⚠ KEVPL ✓ten sam vendor

SAP NetWeaver Visual Composer — niebezpieczna deserializacja treści

CVE-2025-31324CRITICAL10.0⚠ KEVPL ✓ten sam vendor

SAP NetWeaver: nieautoryzowany upload plików wykonywalnych w Visual Composer

CVE-2022-22536CRITICAL10.0⚠ KEVten sam vendor

SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Serve...