Buffer overflow in Sap Netweaver

CVE-2015-2815

Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via…

Vulnerability class: Buffer Overflow

EPSS: 0.035 (87.8th percentile) — read the EPSS interpretation.

Affected products

Sap Netweaver — versions 7.0, 7.40
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

20150623 ERPSCAN Research Advisory [ERPSCAN-15-003] SAP NetWeaver Dispatcher Buffer Overflow - RCE, DoS (mailing-list, x_refsource_FULLDISC)
cve@mitre.org (x_refsource_MISC)
20150625 [ERPSCAN-15-003] SAP NetWeaver Dispatcher Buffer Overflow - RCE, DoS (mailing-list, x_refsource_BUGTRAQ)
73897 (vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_MISC)