CVE-2017-8852

HIGH

Sapcar - Memory Corruption

Title source: rule

Description

SAP SAPCAR 721.510 has a heap-based buffer overflow vulnerability. It could be exploited with a crafted CAR archive file received from an untrusted remote source. The problem is that the length of the data written is an arbitrary number read from the file. The vendor response is SAP Security Note 2441560.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Core Security · python · dos · linux
https://www.exploit-db.com/exploits/41991

Scores

CVSS v3 7.8
EPSS 0.0168
EPSS Percentile 81.9%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE
CWE-119
Status draft

Affected Products (1)

sap/sapcar

Timeline

Published May 10, 2017
Tracked Since Feb 18, 2026