CVE-2003-0939

3 documents, 3 sources

Severity: 7.5 HIGH
EPSS: 4.6% (top 10.80%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 15; Latest update Apr 29

Description

eo420_GetStringFromVarPart in veo420.c for SAP database server (SAP DB) 7.4.03.27 and earlier may allow remote attackers to execute arbitrary code via a connect packet with a 256 byte segment to the niserver (aka serv.exe) process on TCP port 7269, which prevents the server from NULL terminating the string and leads to a buffer overflow.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (1 package)

NVD: sap/sap_db 7.4.03.27

Patches

Vulnerability Details (2)

GHSA: GHSA-7h93-h3m7-r4mx: eo420_GetStringFromVarPart in veo420 (2022-04-29)
CVEList: CVE-2003-0939: eo420_GetStringFromVarPart in veo420 (2003-11-21)