PT-2021-20262 · Sap · Sap Netweaver As Abap

Published: 2021-07-14 · Updated: 2023-07-01 · CVE-2021-33684

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS ABAP and ABAP Platform, in the following versions:
- KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT
- KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT
- KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49
- KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 8.04
- KERNEL 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, 8.04

Description: The issue allows an attacker to send overlong content in the RFC request type, thereby crashing the corresponding work process because of a memory corruption issue. The work process will attempt to restart itself after the crash, and hence the impact on availability is low.

Recommendations: For all of the affected SAP NetWeaver AS ABAP and ABAP Platform versions listed above (KRNL32NUC, KRNL32UC, KRNL64NUC, KRNL64UC and KERNEL), consider restricting the length of content in RFC requests to prevent work process crashes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Weakness Enumeration

Related Identifiers: CVE-2021-33684

Affected Products: Sap Netweaver As Abap