CVE-2021-33684

Summary

SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, allows an attacker to send overlong content in the RFC request type thereby crashing the corresponding work process because of memory corruption vulnerability. The work process will attempt to restart itself after the crash and hence the impact on the availability is low.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver AS ABAP and ABAP Platform< KRNL32NUC 7.21affected
SAP SESAP NetWeaver AS ABAP and ABAP Platform< 7.21EXTaffected
SAP SESAP NetWeaver AS ABAP and ABAP Platform< 7.22affected
SAP SESAP NetWeaver AS ABAP and ABAP Platform< 7.22EXTaffected
SAP SESAP NetWeaver AS ABAP and ABAP Platform< KRNL32UC 7.21affected
SAP SESAP NetWeaver AS ABAP and ABAP Platform< KRNL64NUC 7.21affected
SAP SESAP NetWeaver AS ABAP and ABAP Platform< 7.49affected
SAP SESAP NetWeaver AS ABAP and ABAP Platform< KRNL64UC 8.04affected
SAP SESAP NetWeaver AS ABAP and ABAP Platform< 7.21affected
SAP SESAP NetWeaver AS ABAP and ABAP Platform< 7.53affected
SAP SESAP NetWeaver AS ABAP and ABAP Platform< KERNEL 8.04affected
SAP SESAP NetWeaver AS ABAP and ABAP Platform< 7.77affected
SAP SESAP NetWeaver AS ABAP and ABAP Platform< 7.81affected
SAP SESAP NetWeaver AS ABAP and ABAP Platform< 7.84affected

Weaknesses

  • CWE-787: Memory Corruption (CWE-787)

ADP Enrichment

CVE Program Container

Additional References

References