Problem Note 69835: The SGPANEL procedure contains an improper error-handling vulnerability
Severity: High
Description: PROC SGPANEL might produce a stack-trace error when you specify the SYMBOLCHAR statement with an invalid Unicode value that is longer than 8 characters.
Potential Impact: An attacker could use a resulting stack trace to gather information.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
SAS System | Base SAS | 64-bit Enabled AIX | 9.4_M7 | | 9.4 TS1M7 | |
64-bit Enabled Solaris | 9.4_M7 | | 9.4 TS1M7 | |
HP-UX IPF | 9.4_M7 | | 9.4 TS1M7 | |
Linux for x64 | 9.4_M7 | | 9.4 TS1M7 | |
Solaris for x64 | 9.4_M7 | | 9.4 TS1M7 | |
*
For software releases that are not yet generally available, the Fixed
Release is the software release in which the problem is planned to be
fixed.
When you use the SGPANEL procedure with a SYMBOLCHAR statement that references an invalid Unicode value, a stack-track error could be produced.
Type: | Problem Note |
Priority: | high |
Date Modified: | 2023-02-15 14:35:43 |
Date Created: | 2023-01-26 11:51:55 |