PT-2016-6818 · Icu+2 · International Components For Unicode+2

Fernando · Published 2016-07-25 · Updated 2019-04-23 · CVE-2016-6293

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: International Components for Unicode (ICU) versions prior to 57.1

Description: The issue is in the uloc_acceptLanguageFromHTTP function in common/uloc.cpp, which does not ensure that there is a 0 character at the end of a certain temporary array. This allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument.

Recommendations: For versions prior to 57.1, update to version 57.1 or later to resolve the issue. As a temporary workaround, consider restricting the length of the httpAcceptLanguage argument to prevent out-of-bounds reads.
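
The temporary workaround above, as an added example (not ICU's code and not the upstream fix): a pre-check an application can run on the Accept-Language value before passing it to the locale parser. The limits MAX_HEADER_LEN and ITEM_CAP and both function names are assumptions of this example.

```c
#include <stddef.h>
#include <string.h>

/* Assumed limits for this example; they are not ICU constants. */
#define MAX_HEADER_LEN 1024  /* cap on the whole Accept-Language value */
#define ITEM_CAP       64    /* size of the fixed temporary array */

/* Copy one list item into a fixed array. Input that would leave no room
 * for the terminating 0 is refused instead of being copied unterminated. */
int copy_item(char dst[ITEM_CAP], const char *src, size_t len)
{
    if (len >= ITEM_CAP)
        return -1;
    memcpy(dst, src, len);
    dst[len] = '\0';  /* the terminator the description says was not ensured */
    return 0;
}

/* Pre-check for a header value: returns 1 if the whole value and every
 * comma-separated item fit within the limits, 0 otherwise. */
int accept_language_ok(const char *hdr)
{
    char tmp[ITEM_CAP];
    size_t total;
    const char *p, *end;

    if (hdr == NULL)
        return 0;
    /* Bounded length scan: stop as soon as the cap is exceeded. */
    for (total = 0; hdr[total] != '\0'; total++)
        if (total >= MAX_HEADER_LEN)
            return 0;
    for (p = hdr; ; p = end + 1) {
        end = strchr(p, ',');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        if (copy_item(tmp, p, len) != 0)
            return 0;  /* one item is too long for the temporary array */
        if (end == NULL)
            break;
    }
    return 1;
}
```

Rejecting an overlong value, rather than truncating it, keeps the caller from acting on a partial language list.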

Exploit

Fix

DoS

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2016-6293
DLA-615-1
DSA-3725-1
MGASA-2016-0314
OPENSUSE-SU-2018_1422-1
SUSE-SU-2018:1401-1
SUSE-SU-2018:1401-2
SUSE-SU-2018:1602-1
SUSE-SU-2018_1602-1
USN-3227-1

Affected Products

International Components For Unicode
Suse
Ubuntu