
CVE-2015-2278

Published: 02/06/2015 Updated: 09/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The LZH decompression implementation (CsObjectInt::BuildHufTree function in vpa108csulzh.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent malicious users to cause a denial of service (out-of-bounds read) via unspecified vectors, related to look-ups of non-simple codes, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316.

Vulnerable Products

sap maxdb 7.5

sap netweaver java application server

sap netweaver rfc sdk

sap gui

sap rfc library

sap maxdb 7.6

sap netweaver abap application server

Recent Articles

SAP crypto offers customers choice of remote code execution or denial of service
The Register • Richard Chirgwin • 14 May 2015

Home-baked encryption followed the wrong recipe

Yet another proprietary implementation of a popular protocol has turned up unexpected vulnerabilities, with SAP's data compression software open to remote code execution and denial-of-service exploits. The implementation in question is SAP's code running the popular LZC and LZH compression algorithms. As outlined over at Full Disclosure, CVE-2015-2282 and CVE-2015-2278 are a pair of out-of-bounds reads and writes. As well as a nice bag of SAP products – various Netweaver servers, SDKs, the GUI,...