Primary

Context

SAP CommonCryptoLib Memory Corruption Vulnerability Leading to Denial-of-Service

Vulnerability

A vulnerability in SAP CommonCryptoLib allows for memory corruption due to insufficient boundary checks during pre-authentication parsing of manipulated ASN.1 data over the network. This flaw can cause an application crash, significantly impacting availability. However, there is no effect on confidentiality or integrity.

Impact

Exploitation of this vulnerability can lead to memory corruption and application crashes, causing a denial-of-service condition.

Remediation

Users are advised to consult the SAP Security Notes for guidance on applying necessary patches. SAP Security Notes can be accessed through the SAP for Me platform.

Added: Nov 11, 2025, 1:17 AM

Updated: Nov 11, 2025, 1:17 AM

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

2.5

exploitability

4.7

remediation

6.0

relevance

1.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

2.5

exploitability

4.7

remediation

6.0

relevance

1.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SAP CommonCryptoLib Memory Corruption Vulnerability Leading to Denial-of-Service

Vulnerability

Impact

Remediation

Affected Products

SAP CommonCryptoLib

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating