International Components for Unicode (ICU) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the Locale class in common/locid.cpp. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVEID: CVE-2016-7415 DESCRIPTION: International Components for Unicode (ICU) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the Locale class in common/locid.cpp. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 7.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/117035> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2016-6293 DESCRIPTION: International Components for Unicode (ICU) could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read in the uloc_acceptLanguageFromHTTP function. An attacker could exploit this vulnerability using a call with a long httpAcceptLanguage argument to execute arbitrary code on the system. Note: This vulnerability also affect PHP.
CVSS Base Score: 9.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/115536> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
IBM eDiscovery Manager Version 2.2.2
Product
| VRM|Remediation
—|—|—
IBM eDiscovery Manager| 2.2.2| Use IBM eDiscovery Manager 2.2.2.2 Interim Fix IF0003 available at https://www-945.ibm.com/support/fixcentral/
None. Install the interim fix.
CPE | Name | Operator | Version |
---|---|---|---|
ediscovery manager | eq | 2.2.2 |