CVE-2014-9264

SAP SQL Anywhere .NET Data Provider Malformed Integer Stack Buffer Overflow Code Execution Vulnerability

Severity Score

7.5

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Stack-based buffer overflow in the .NET Data Provider in SAP SQL Anywhere allows remote attackers to execute arbitrary code via a crafted column alias.

Desbordamiento de buffer basado en pila en .NET Data Provider en SAP SQL Anywhere permite a atacantes remotos ejecutar código arbitrario a través de un alias de columna manipulado.

This allows attackers to execute arbitrary code on applications which pass user provided data to the vulnerable API in SAP SQL Anywhere.
The specific flaw exists within the handling of a malformed integer constant. If an application allows untrusted input to be used in a query, even if the input is correctly filtered against SQL injection, an attacker could overflow a fixed size stack buffer and execute arbitrary code in the context of the application.

*Credits: John Leitch

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

Attack Vector

N/A

Attack Complexity

Low

Authentication

N/A

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2014-12-04 CVE Reserved
2014-12-09 CVE Published
2024-08-06 CVE Updated
2024-09-06 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (4)

URL	Tag	Source
http://www.zerodayinitiative.com/advisories/ZDI-14-412	X_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-14-413	X_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-14-414	X_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-14-415	X_refsource_misc

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Sap Search vendor "Sap"		Sql Anywhere Search vendor "Sap" for product "Sql Anywhere"				*		-		Affected