PT-2015-3267 · Icu+5 · International Components For Unicode+5

Published

2015-01-21

Updated

2024-06-15

CVE-2014-7940

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions International Components for Unicode (ICU) versions 52 through SVN revision 293126 Google Chrome versions prior to 40.0.2214.91

Description The issue is related to the collator implementation in the International Components for Unicode (ICU) library, which does not properly initialize memory for a data structure. This can be exploited by remote attackers using a crafted character sequence, potentially leading to a denial of service or other unspecified impacts.

Recommendations For International Components for Unicode (ICU) versions 52 through SVN revision 293126, update to a version after SVN revision 293126 to resolve the issue. For Google Chrome versions prior to 40.0.2214.91, update to version 40.0.2214.91 or later to fix the problem.

Exploit

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

ALT-PU-2015-1098

BDU:2016-01659

CVE-2014-7940

DLA-219-1

DSA-3187-1

MGASA-2015-0047

OPENSUSE-SU-2015_0441-1

OPENSUSE-SU-2024:10171-1

OPENSUSE-SU-2024:12948-1

RHSA-2015:0093

RHSA-2015_0093

USN-2476-1

USN-2522-1

Affected Products

Alt Linux

Google Chrome

International Components For Unicode

Red Hat

Suse

Ubuntu

PT-2015-3267 · Icu+5 · International Components For Unicode+5

CVE-2014-7940

Weakness Enumeration

Related Identifiers

Affected Products

References · 2521