CVE-2007-1917

4 documents4 sources

Severity

10.0CRITICAL

EPSS

10.1%

top 6.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP RFC Library

Timeline

PublishedApr 10

Latest updateMay 1

Description

Buffer overflow in the SYSTEM_CREATE_INSTANCE function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDsap/rfc_library6.4, 7.0+1

🔴Vulnerability Details

GHSA

GHSA-2qp9-qg33-hhf9: Buffer overflow in the SYSTEM_CREATE_INSTANCE function in the SAP RFC Library 6↗2022-05-01

▶

CVEList

CVE-2007-1917: Buffer overflow in the SYSTEM_CREATE_INSTANCE function in the SAP RFC Library 6↗2007-04-10

▶

📋Vendor Advisories

Red Hat

glibc: fnmatch() alloca()-based memory corruption flaw↗2010-08-05

▶