Описание
SAP SAPCAR does not check the return value of file operations when extracting files, which allows remote attackers to cause a denial of service (program crash) via an invalid file name in an archive file, aka SAP Security Note 2312905.
SAP SAPCAR does not check the return value of file operations when extracting files, which allows remote attackers to cause a denial of service (program crash) via an invalid file name in an archive file, aka SAP Security Note 2312905.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2016-5845
- https://www.coresecurity.com/advisories/sap-car-multiple-vulnerabilities
- https://www.exploit-db.com/exploits/40230
- https://www.onapsis.com/blog/denial-service-attacks-sap-security-notes-august-2016
- http://packetstormsecurity.com/files/138284/SAP-CAR-Archive-Tool-Denial-Of-Service-Security-Bypass.html
- http://seclists.org/fulldisclosure/2016/Aug/46
- http://www.securityfocus.com/archive/1/539180/100/0/threaded
- http://www.securityfocus.com/bid/92406
Связанные уязвимости
CVSS3: 5.5
nvd
больше 9 лет назад
SAP SAPCAR does not check the return value of file operations when extracting files, which allows remote attackers to cause a denial of service (program crash) via an invalid file name in an archive file, aka SAP Security Note 2312905.