Lucene search

K

[email protected]NVD:CVE-2014-7923

HistoryJan 22, 2015 - 10:59 p.m.

CVE-2014-7923

2015-01-2222:59:00

CWE-17

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.6 High

AI Score

Confidence

High

0.021 Low

EPSS

Percentile

89.1%

The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a look-behind expression.

Affected configurations

NVD

Node

redhatenterprise_linux_desktop_supplementaryMatch6.0

OR

redhatenterprise_linux_server_supplementaryMatch6.0

OR

redhatenterprise_linux_server_supplementary_eusMatch6.6.z

OR

redhatenterprise_linux_workstation_supplementaryMatch6.0

Node

opensuseopensuseMatch13.1

OR

opensuseopensuseMatch13.2

Node

icu-projectinternational_components_for_unicodeRange<55.1c\/c\+\+

Node

oraclecommunications_messaging_serverMatch7.0.5

OR

oraclecommunications_messaging_serverMatch8.0

Node

canonicalubuntu_linuxMatch14.04lts

OR

canonicalubuntu_linuxMatch14.10

Node

googlechromeRange≤40.0.2214.85

References

advisories.mageia.org/MGASA-2015-0047.html

bugs.icu-project.org/trac/ticket/11370

googlechromereleases.blogspot.com/2015/01/stable-update.html

lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html

rhn.redhat.com/errata/RHSA-2015-0093.html

secunia.com/advisories/62383

secunia.com/advisories/62575

secunia.com/advisories/62665

security.gentoo.org/glsa/glsa-201502-13.xml

www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

www.securityfocus.com/bid/72288

www.securitytracker.com/id/1031623

www.ubuntu.com/usn/USN-2476-1

chromium.googlesource.com/chromium/deps/icu52/+/3af4ce5982311035e5f36803d547c0befa576c8c

chromium.googlesource.com/chromium/deps/icu52/+/6242e2fbb36f486f2c0addd1c3cef67fc4ed33fb

code.google.com/p/chromium/issues/detail?id=430353

codereview.chromium.org/726973003

security.gentoo.org/glsa/201503-06

www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.6 High

AI Score

Confidence

High

0.021 Low

EPSS

Percentile

89.1%

Related for NVD:CVE-2014-7923

debiancve2 cve2 cvelist2 ubuntucve2 prion2 nvd1 nessus25 openvas23 mageia1 gentoo2 fedora4 ibm4 ubuntu4 debian3 securityvulns4 osv2 threatpost1 chrome1 archlinux1 freebsd1 redhat1 suse1 oracle2