Skip links
Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

Standalone enqueue server crashes, SAP security note 948457

Description

The standalone enqueue server crashes. In one of the dev_enqio_* files, the system displays the following C-stack:

(strcpyU16+0x191)[0x4e48c7]
(_ZN20EnAdmGetFileResponseC1EP19EnAdmGetFileRequestiPKt+0xa1)[0x44e5ab]
(_ZN19EnAdmGetFileRequestC1EP9EnsMemObj+0xdb)[0x44b443]
(_ZN12EnAdmRequest13createRequestEP9EnsMemObjmb+0x416)[0x44a744]
(_ZN8IOThread13createRequestER6EncMsg+0x32e)[0x4654fa]
(_ZN8IOThread7WalkNetEi+0xd4)[0x46564e]
(_ZN8IOThread4LoopEv+0x195)[0x466cf7]
(_ZN9EnsThread10ThreadMainEPv+0x4a)[0x4612b0]

(Depending on the platform, the C-stack output varies. The example above was created on Linux-X86_64).

Available fix and Supported packages

  • SAP_BASIS | 610 | 640
  • SAP_BASIS | 700 | 700

Affected component

    BC-CST-EQ
    Enqueue

CVSS

Score: 0

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/948457

TAGS

#

More to explorer

SAP Cloud Connector Certificate Validation Issue

Date of Release: February 13, 2024 Advisory ID: CVE-2024-25642 Affected Software: SAP Cloud Connector Versions Affected: 2.15.0 to 2.16.1 Vulnerability Summary:A critical vulnerability,