CVE-2015-2278 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2015-2278 Interim 1 14 2025-03-25T01:26:52Z current 2021-05-30T13:28:20Z 2025-03-25T01:26:52Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2015-2278 The LZH decompression implementation (CsObjectInt::BuildHufTree function in vpa108csulzh.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to look-ups of non-simple codes, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2016-March/001951.html E-Mail link for SUSE-SU-2016:0805-1 https://lists.suse.com/pipermail/sle-security-updates/2016-March/001953.html E-Mail link for SUSE-SU-2016:0807-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Module for SAP Applications 15 SUSE Linux Enterprise Module for SAP Applications 15 SP1 SUSE Linux Enterprise Module for SAP Applications 15 SP2 SUSE Linux Enterprise Module for SAP Applications 15 SP3 SUSE Linux Enterprise Module for SAP Applications 15 SP4 clamsap clamsap-0.101.9-4.3.1 clamsap-0.98.9-0.7.1 clamsap-0.98.9-4.1 clamsap-0.99.25-1.8 clamsap-0.99.25-2.37 clamsap-0.99.25-2.37 as a component of SUSE Linux Enterprise Module for SAP Applications 15 clamsap-0.99.25-2.37 as a component of SUSE Linux Enterprise Module for SAP Applications 15 SP1 clamsap-0.99.25-2.37 as a component of SUSE Linux Enterprise Module for SAP Applications 15 SP2 clamsap-0.101.9-4.3.1 as a component of SUSE Linux Enterprise Module for SAP Applications 15 SP3 clamsap-0.101.9-4.3.1 as a component of SUSE Linux Enterprise Module for SAP Applications 15 SP4 clamsap-0.98.9-0.7.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 clamsap-0.98.9-4.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 clamsap-0.99.25-1.8 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 clamsap as a component of SUSE Linux Enterprise Module for SAP Applications 15 clamsap as a component of SUSE Linux Enterprise Module for SAP Applications 15 SP1 clamsap as a component of SUSE Linux Enterprise Module for SAP Applications 15 SP2 The LZH decompression implementation (CsObjectInt::BuildHufTree function in vpa108csulzh.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to look-ups of non-simple codes, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316. CVE-2015-2278 SUSE Linux Enterprise Module for SAP Applications 15:clamsap-0.99.25-2.37 SUSE Linux Enterprise Module for SAP Applications 15 SP1:clamsap-0.99.25-2.37 SUSE Linux Enterprise Module for SAP Applications 15 SP2:clamsap-0.99.25-2.37 SUSE Linux Enterprise Module for SAP Applications 15 SP3:clamsap-0.101.9-4.3.1 SUSE Linux Enterprise Module for SAP Applications 15 SP4:clamsap-0.101.9-4.3.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:clamsap-0.98.9-0.7.1 SUSE Linux Enterprise Server for SAP Applications 12:clamsap-0.98.9-4.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamsap-0.99.25-1.8 SUSE Linux Enterprise Module for SAP Applications 15 SP1:clamsap SUSE Linux Enterprise Module for SAP Applications 15 SP2:clamsap SUSE Linux Enterprise Module for SAP Applications 15:clamsap moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P