Unrated severityNVD Advisory· Published Aug 15, 2012· Updated Apr 29, 2026

CVE-2012-4341

Description

Multiple stack-based buffer overflows in msg_server.exe in SAP NetWeaver ABAP 7.x allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) long parameter value, (2) crafted string size field, or (3) long Parameter Name string in a package with opcode 0x43 and sub opcode 0x4 to TCP port 3900.

Affected products

SAP/Netweaver Abap3 versions
cpe:2.3:a:sap:netweaver_abap:7.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:sap:netweaver_abap:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:sap:netweaver_abap:7.02:sp6:*:*:*:*:*:*
- cpe:2.3:a:sap:netweaver_abap:7.03:sp4:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/49744nvdVendor Advisory
scn.sap.com/docs/DOC-8218nvd
www.securitytracker.com/idnvd
www.zerodayinitiative.com/advisories/ZDI-12-104/nvd
www.zerodayinitiative.com/advisories/ZDI-12-111/nvd
www.zerodayinitiative.com/advisories/ZDI-12-112/nvd
service.sap.com/sap/support/notes/1649838nvd
websmp230.sap-ag.de/sap%28bD1lbiZjPTAwMQ==%29/bc/bsp/spn/sapnotes/index2.htmnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.014
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000