CVE-2015-2278

NONECVSS 0.0

0.0

The LZH decompression implementation (CsObjectInt::BuildHufTree function in vpa108csulzh.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to look-ups of non-simple codes, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316.

🔗 References (12)

cve@mitrehttp://packetstormsecurity.com/files/131883/SAP-LZC-LZH-Compression-Denial-Of-Service.html
cve@mitrehttp://seclists.org/fulldisclosure/2015/May/50
cve@mitrehttp://seclists.org/fulldisclosure/2015/May/96
cve@mitrehttp://www.coresecurity.com/advisories/sap-lzc-lzh-compression-multiple-vulnerabilities
cve@mitrehttp://www.securityfocus.com/archive/1/535535/100/0/threaded
cve@mitrehttp://www.securityfocus.com/bid/74643
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/131883/SAP-LZC-LZH-Compression-Denial-Of-Service.html
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2015/May/50
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2015/May/96
af854a3a-2127-422b-91ae-364da2661108http://www.coresecurity.com/advisories/sap-lzc-lzh-compression-multiple-vulnerabilities
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/535535/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/74643

Is Your Infrastructure Affected by CVE-2015-2278?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2015-2278

📅 Published

🔄 Last Modified

🔗 References (12)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2015-2278?