A partner account manager can help. Contact us today.

 Subscribe me to your mailing list

[ERPSCAN-16-024] SAP SQL Anywhere MobiLink Synchronization Server – buffer overflow vulnerability

Application: SAP SQL Anywhere MobiLink Synchronization Server 17
Vendor URL: SAP
Bug: Buffer overflow
Reported: 01.02.2016
Vendor response: 02.02.2016
Date of Public Advisory: 14.06.2016
Reference: SAP Security Note 2308778
Author: Vahagn Vardanyan(ERPScan)


Class: Buffer overflow
Impact: Denial of Service, Uncontrolled Resource consumption, Resource Exhaustion
Remotely Exploitable: Yes
Locally Exploitable: No

CVSS Information

CVSS Base Score v3: 4.9 / 10
CVSS Base Vector:

AV: Attack Vector (Related exploit range) Network (N)
AC: Attack Complexity (Required attack complexity) Low (L)
PR: Privileges Required (Level of privileges needed to exploit) High (H)
UI: User Interaction (Required user participation) None (N)
S: Scope (Change in scope due to impact caused to components beyond the vulnerable component) Unchanged (U)
C: Impact to Confidentiality None (N)
I: Impact to Integrity None (N)
A: Impact to Availability High (H)


An attacker can trigger a condition in which a process ceases to run. This condition can be intentionally provoked by the attacker to cause a denial of service.

Business risk

An attacker can use a Buffer overflow vulnerability to inject specially crafted code into a working memory which will be executed by a vulnerable application. Executed commands will run with the same privileges as the service that executed the command. It can lead to taking complete control of the application, denial of service, command execution, and other attacks. In case of command execution, the attacker can obtain critical technical and business-related information stored in a vulnerable SAP system or use it for privilege escalation. Speaking about denial of service, terminating a process of the vulnerable component is possible. For this time nobody can use this service, this fact negatively influences on business processes, system downtime and, as a result, business reputation.


SAP SQL Anywhere MobiLink Synchronization Server 17
Other versions are probably affected too, but they were not checked.


To correct this vulnerability, install SAP Security Note 2308778


Proof of Concept

import socket
PoC =

for i in range(5):
s = socket.socket()
s.connect((IP, PORT))
result = s.recv(1024)