7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.224 Low
EPSS
Percentile
96.5%
Issue Overview:
A stack-based buffer overflow flaw was found in the way ICU performed variant canonicalization for some locale identifiers. If a specially-crafted locale representation was opened in an application linked against ICU, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-4599)
Affected Packages:
icu
Issue Correction:
Run yum update icu to update your system.
New Packages:
i686:
libicu-4.2.1-9.9.amzn1.i686
icu-4.2.1-9.9.amzn1.i686
libicu-devel-4.2.1-9.9.amzn1.i686
icu-debuginfo-4.2.1-9.9.amzn1.i686
noarch:
libicu-doc-4.2.1-9.9.amzn1.noarch
src:
icu-4.2.1-9.9.amzn1.src
x86_64:
icu-debuginfo-4.2.1-9.9.amzn1.x86_64
libicu-4.2.1-9.9.amzn1.x86_64
libicu-devel-4.2.1-9.9.amzn1.x86_64
icu-4.2.1-9.9.amzn1.x86_64
Red Hat: CVE-2011-4599
Mitre: CVE-2011-4599
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | libicu | < 4.2.1-9.9.amzn1 | libicu-4.2.1-9.9.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | icu | < 4.2.1-9.9.amzn1 | icu-4.2.1-9.9.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | libicu-devel | < 4.2.1-9.9.amzn1 | libicu-devel-4.2.1-9.9.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | icu-debuginfo | < 4.2.1-9.9.amzn1 | icu-debuginfo-4.2.1-9.9.amzn1.i686.rpm |
Amazon Linux | 1 | noarch | libicu-doc | < 4.2.1-9.9.amzn1 | libicu-doc-4.2.1-9.9.amzn1.noarch.rpm |
Amazon Linux | 1 | x86_64 | icu-debuginfo | < 4.2.1-9.9.amzn1 | icu-debuginfo-4.2.1-9.9.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | libicu | < 4.2.1-9.9.amzn1 | libicu-4.2.1-9.9.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | libicu-devel | < 4.2.1-9.9.amzn1 | libicu-devel-4.2.1-9.9.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | icu | < 4.2.1-9.9.amzn1 | icu-4.2.1-9.9.amzn1.x86_64.rpm |