Описание
Integer overflow in the OBGIOPServerWorker::extractHeader function in the ebus-3-3-2-6.dll module in SAP Crystal Reports 2008 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GIOP packet with a crafted size, which triggers a heap-based buffer overflow.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:sap:crystal_reports:2008:*:*:*:*:*:*:*
EPSS
Процентиль: 96%
0.25557
Средний
10 Critical
CVSS2
Дефекты
CWE-189
Связанные уязвимости
github
больше 3 лет назад
Integer overflow in the OBGIOPServerWorker::extractHeader function in the ebus-3-3-2-6.dll module in SAP Crystal Reports 2008 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GIOP packet with a crafted size, which triggers a heap-based buffer overflow.
EPSS
Процентиль: 96%
0.25557
Средний
10 Critical
CVSS2
Дефекты
CWE-189