PT-2008-6943 · Icu+1 · Libicu38-Dbg+7
Published: 1970-01-01 · Updated: 2024-06-15
CVE-2008-1036
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
International Components for Unicode (ICU) library versions prior to 10.5.3
libicu38 versions (affected versions not specified)
lib32icu-dev versions (affected versions not specified)
lib32icu38 versions (affected versions not specified)
icu-doc versions (affected versions not specified)
libicu38-dbg versions (affected versions not specified)
libicu-dev versions (affected versions not specified)
Description
The International Components for Unicode (ICU) library omits some invalid character sequences during conversion of some character encodings. This might allow remote attackers to conduct cross-site scripting (XSS) attacks. The vulnerability can be exploited remotely and may compromise the integrity of protected information.
Recommendations
For International Components for Unicode (ICU) library versions prior to 10.5.3, update to version 10.5.3 or later.
For libicu38, lib32icu-dev, lib32icu38, icu-doc, libicu38-dbg, and libicu-dev, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
XSS
Weakness Enumeration
Related Identifiers
Affected Products
International Components For Unicode
Red Hat
Icu-Doc
Lib32Icu-Dev
Lib32Icu38
Libicu-Dev
Libicu38
Libicu38-Dbg