CVE-2016-10310

MEDIUM

SAP Sql Anywhere < 17.0 - Memory Corruption

Title source: rule

Description

Buffer overflow in the MobiLink Synchronization Server component in SAP SQL Anywhere 17 and possibly earlier allows remote authenticated users to cause a denial of service (resource consumption and process crash) by sending a crafted packet several times, aka SAP Security Note 2308778.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/91197

[Third Party Advisory] https://erpscan.io/advisories/erpscan-16-024-sap-sql-anywhere-mobilink-synchronization-server-buffer-overflow/

Scores

CVSS v3 4.9

EPSS 0.0348

EPSS Percentile 87.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-119

Status published

Affected Products (2)

sap/sql_anywhere < 17.0

n/a/n/a

Timeline

Published Apr 10, 2017

Tracked Since Feb 18, 2026