CyberSec.Space Logo
Back to CVE Browser

CVE-2015-2282

HIGH
7.5
CVSS Severity Score
EPSS Score0.0290%
EPSS Percentile40.76th
PublishedJun 2, 2015
Last ModifiedMay 6, 2026

Vulnerability Description

Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316.

Affected Platforms (CPE)

πŸ“¦
Sap

Gui

All versions
πŸ“¦
Sap

Maxdb

= 7.5
πŸ“¦
Sap

Maxdb

= 7.6
πŸ“¦
Sap

Netweaver Abap Application Server

All versions
πŸ“¦
Sap

Netweaver Java Application Server

All versions
πŸ“¦
Sap

Netweaver Rfc Sdk

All versions
πŸ“¦
Sap

Rfc Library

All versions

References & Advisories

πŸ”— http://packetstormsecurity.com/files/131883/SAP-LZC-LZH-Compression-Denial-Of-Service.html
πŸ”— http://seclists.org/fulldisclosure/2015/May/50
πŸ”— http://seclists.org/fulldisclosure/2015/May/96
πŸ”— http://www.coresecurity.com/advisories/sap-lzc-lzh-compression-multiple-vulnerabilities
πŸ”— http://www.securityfocus.com/archive/1/535535/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/74643
πŸ”— http://packetstormsecurity.com/files/131883/SAP-LZC-LZH-Compression-Denial-Of-Service.html
πŸ”— http://seclists.org/fulldisclosure/2015/May/50

Related Vulnerabilities

CVE-2004-128010.0

The gui_popup_view_fly function in gui_tview_popup.c for junkie 0.3.1 allows remote malicious FTP servers to execute arbitrary com...

CVE-2000-107110.0

The GUI installation for iCal 2.1 Patch 2 disables access control for the X server using an "xhost +" command, which allows remote...

CVE-2000-024810.0

The web GUI for the Linux Virtual Server (LVS) software in the Red Hat Linux Piranha package has a backdoor password that allows r...

CVE-2004-096210.0

Apple Remote Desktop Client 1.2.4 executes a GUI application as root when it is started by an Apple Remote Desktop Administrator a...