PT-2008-1112 · Icu+1 · International Components For Unicode+1

Published

2008-01-25

Updated

2018-10-15

CVE-2007-4771

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions International Components for Unicode (ICU) versions 3.8.1 and earlier

Description The issue is related to a heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu. This allows context-dependent attackers to cause a denial of service and possibly have other impacts via a regular expression that writes a large amount of data to the backtracking stack. The vulnerability can also be exploited by a remote attacker to access confidential data, compromise its integrity, and cause a denial of service.

Recommendations For International Components for Unicode (ICU) versions 3.8.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

BDU:2015-09603

CVE-2007-4771

DSA-1511-1

RHSA-2008:0090

RHSA-2008_0090

Affected Products

International Components For Unicode

Red Hat

PT-2008-1112 · Icu+1 · International Components For Unicode+1

CVE-2007-4771

Weakness Enumeration

Related Identifiers

Affected Products

References · 48