PT-2022-22698 · Sap · Sap Sql Anywhere+1
Published: 2022-10-11 · Updated: 2023-05-31
CVE-2022-35299
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SAP SQL Anywhere version 17.0
SAP IQ version 16.1
Description
The issue allows an attacker to leverage logical errors in memory management to cause memory corruption, such as a stack-based buffer overflow. This can potentially lead to remote code execution.
Recommendations
For SAP SQL Anywhere version 17.0, update to a version that addresses the memory management issues to prevent stack-based buffer overflow.
For SAP IQ version 16.1, update to a version that addresses the memory management issues to prevent stack-based buffer overflow.
Fix
Stack Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Sap Iq
Sap Sql Anywhere