PT-2017-14806 · ICU · International Components for Unicode (ICU) for C/C++

Published: 2017-12-10 · Updated: 2019-04-23 · CVE-2017-17484

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

International Components for Unicode (ICU) for C/C++ versions prior to 60.2

Description

The issue is in the ucnv_UTF8FromUTF8 function in ucnv_u8.cpp, which mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion. A remote attacker can supply a crafted string to trigger a stack-based buffer overflow, causing a denial of service (application crash) or possibly other unspecified impact.

Recommendations

Update International Components for Unicode (ICU) for C/C++ to version 60.2 or later to resolve the issue.

Exploit

Fix

DoS

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2017-17484
OPENSUSE-SU-2018_1422-1
SUSE-SU-2018:1401-1
SUSE-SU-2018:1401-2
SUSE-SU-2018:1602-1

Affected Products

International Components for Unicode (ICU) for C/C++
Suse