Description
SAP SAPCAR 721.510 has a heap-based buffer overflow vulnerability. It can be exploited with a crafted CAR archive file received from an untrusted remote source. The problem is that the length of the data written is an arbitrary number read from the file. The vendor response is SAP Security Note 2441560.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Core Security · python · dos · linux
https://www.exploit-db.com/exploits/41991
Scores
CVSS v3: 7.8
EPSS: 0.0168
EPSS Percentile: 82.3%
Attack Vector: LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE: CWE-119
Status: published
Products (1): sap/sapcar 721.510
Published: May 10, 2017
Tracked Since: Feb 18, 2026