CVE-2016-10311

critical

Published 2017-04-10 · Modified 2026-05-13

CVSS v3

9.8

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2

7.5

VIR risk

9.8

Description

Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows remote attackers to cause a denial of service () by sending a crafted packet to the SAPSTARTSRV port, aka SAP Security Note 2295238.

Predictions

Exploit likelihood

97%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

Application impact

Vendor	Product	Versions
sap	netweaver	`7.0`
sap	netweaver	`7.3`
sap	netweaver	`7.4`
sap	netweaver	`7.5`

References

https://erpscan.io/advisories/erpscan-16-030-sap-netweaver-sapstartsrv-stack-based-buffer-overflow/
https://erpscan.io/advisories/erpscan-16-030-sap-netweaver-sapstartsrv-stack-based-buffer-overflow/

CWEs

CWE-119

Verify integrity in audit chain (admin only). AS-IS.