SAP SQL Anywhere .NET Data Provider Column Alias Stack Buffer Overflow Code Execution Vulnerability

ID ZDI-14-412
Type zdi
Reporter John Leitch
Modified 2014-11-09T00:00:00


This vulnerability allows attackers to execute arbitrary code in applications that pass user-provided data to the vulnerable API in SAP SQL Anywhere.

The specific flaw exists within the handling of column aliases. If an application allows untrusted input to be used as the column alias in a query, even if the input is correctly filtered against SQL injection, an attacker could overflow a fixed-size stack buffer and execute arbitrary code in the context of the application.
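One application-side mitigation for the alias path described above, shown as an added example that is not code from the advisory or from SAP: the query uses short server-generated aliases, and the user's label is applied only when results are rendered, so untrusted text never reaches the provider as a column alias. The `SafeAliasQuery` class, the `customers` table, the column names and the 64-character label cap are all assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;

// Added example: keeps user-chosen column labels out of the SQL text entirely.
// Schema names and the label cap are assumptions, not values from the advisory.
public static class SafeAliasQuery
{
    // Server-side allowlist of selectable columns (hypothetical schema).
    private static readonly HashSet<string> AllowedColumns =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "id", "name", "created_at" };

    private const int MaxLabelLength = 64; // assumed UI limit, not the provider's buffer size

    // Returns the SQL text plus a map from generated alias to the user's display label.
    public static (string Sql, Dictionary<string, string> Labels) Build(
        IEnumerable<KeyValuePair<string, string>> columnToLabel)
    {
        var selectParts = new List<string>();
        var labels = new Dictionary<string, string>();
        int i = 0;
        foreach (var pair in columnToLabel)
        {
            if (!AllowedColumns.Contains(pair.Key))
                throw new ArgumentException("Column not allowed: " + pair.Key);
            string label = pair.Value ?? string.Empty;
            if (label.Length > MaxLabelLength)
                throw new ArgumentException("Label too long");
            string alias = "c" + i++;              // fixed, short, server-generated
            selectParts.Add(pair.Key.ToLowerInvariant() + " AS " + alias);
            labels[alias] = label;                 // used only when rendering results
        }
        if (selectParts.Count == 0)
            throw new ArgumentException("No columns requested");
        return ("SELECT " + string.Join(", ", selectParts) + " FROM customers", labels);
    }

    public static void Main()
    {
        // Constructed input: one normal label, one oversized label.
        var ok = Build(new[] { new KeyValuePair<string, string>("name", "Customer name") });
        Console.WriteLine(ok.Sql);                 // the label never enters the SQL text
        try { Build(new[] { new KeyValuePair<string, string>("id", new string('A', 5000)) }); }
        catch (ArgumentException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```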