CVE-2017-7867

Опубликовано: 13 фев. 2017

Источник: redhat

CVSS3: 5.3

EPSS Низкий

Описание

International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function.

A vulnerability was found in the International Components for Unicode (ICU). Specially crafted invalid utf-8 text, when parsed or manipulated using particular functions in libicu, could cause out-of-bounds heap reads and writes potentially leading to a crash, memory disclosure, or possibly code execution.

Отчет

Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Directory Server 8	icu	Will not fix
Red Hat Enterprise Linux 5	icu	Will not fix
Red Hat Enterprise Linux 6	icu	Will not fix
Red Hat Enterprise Linux 7	icu	Will not fix
Red Hat OpenShift Enterprise 2	icu	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-122

https://bugzilla.redhat.com/show_bug.cgi?id=1444097icu: Heap-buffer overflow in utext_setNativeIndex function

EPSS

Процентиль: 81%

0.01613

Низкий

5.3 Medium

CVSS3

Связанные уязвимости

CVE-2017-7867

CVSS3: 7.5

ubuntu

почти 9 лет назад

CVE-2017-7867

CVSS3: 7.5

nvd

почти 9 лет назад

CVE-2017-7867

CVSS3: 7.5

debian

почти 9 лет назад

International Components for Unicode (ICU) for C/C++ before 2017-02-13 ...

GHSA-4p33-mgp9-vqp5

CVSS3: 7.5

github

больше 3 лет назад

SUSE-SU-2018:1602-1

suse-cvrf

больше 7 лет назад

Security update for icu

EPSS

Процентиль: 81%

0.01613

Низкий

5.3 Medium

CVSS3