3 matches found
CVE-2022-41205
Technical details (affected products/versions/root cause/mitigation/patch specifics) are not publicly provided in the connected documents. Monitor for updates from SAP and security advisories.
CVE-2015-2282
CVE-2015-2282 is a stack-based buffer overflow in SAP’s LZC/LZH decompression code used across SAP MaxDB 7.5/7.6, NetWeaver AS ABAP/Java, RFC/GUI SDKs, SAPCAR, and related tools. The flaw (CsObjectInt::CsDecomprLZC and related LZH handling) can cause denial of service (crash) and may allow arbitr...
CVE-2015-2278
CVE-2015-2278 and CVE-2015-2282 affect SAP products via the LZH/LZC decompression paths. The root causes are in the LZH BuildHufTree function (vpa108csulzh.cpp) and the LZC decompression logic (vpa106cslzc.cpp), where attacker-controlled indices can trigger out-of-bounds reads/writes. Affected so...