Remotely Exploitable Vulnerabilities in SAP Compression Algorithms

May 13, 2015


The two primary compression algorithms used by SAP SE products, some of the most popular enterprise and business management software platforms on the market, contain multiple, remotely exploitable security vulnerabilities.

Martin Gallo of Core Security Consulting Services found vulnerabilities in the decompression routines of two compression algorithms deployed across SAP’s line of products. SAP uses proprietary implementations of the Lempel-Ziv-Thomas (LZC) adaptive dictionary compression algorithm and the Lempel-Ziv-Huffman (LZH) compression algorithm.
