PT-2015-5695 · Sap+1 · Gui+7

Martin Gallo · Published 2015-06-02 · Updated 2018-10-09 · CVE-2015-2282

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

SAP MaxDB versions 7.5 through 7.6
Netweaver Application Server ABAP (affected versions not specified)
Netweaver Application Server Java (affected versions not specified)
Netweaver RFC SDK (affected versions not specified)
GUI (affected versions not specified)
RFC SDK (affected versions not specified)
SAPCAR archive tool (affected versions not specified)

Description

A stack-based buffer overflow exists in the LZC decompression implementation, specifically in the CsObjectInt::CsDecomprLZC function. Attackers can exploit it to cause a denial of service or possibly execute arbitrary code. The exploitation vectors are not specified.

Recommendations

For SAP MaxDB versions 7.5 through 7.6, update to a version that includes the fix for the CsObjectInt::CsDecomprLZC function issue. For Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, and SAPCAR archive tool, there is currently no information about a newer version that contains a fix for this issue.

Exploit

Fix

DoS

Buffer Overflow

Weakness Enumeration

Related identifiers

CVE-2015-2282
SUSE-SU-2016:0805-1
SUSE-SU-2016:0807-1

Affected products

Gui
Sap Netweaver Application Server Abap
Sap Netweaver Application Server Java
Netweaver Rfc Sdk
Rfc Sdk
Sap Maxdb
Sapcar Archive Tool
Suse