Veracode Vulnerability DatabaseVERACODE:24905Arbitrary Code Execution
0.224 Low
EPSS
Percentile
96.5%
icu is vulnerable to arbitrary code execution. The vulnerability exists as a stack-based buffer overflow flaw was found in the way ICU performed variant canonicalization for some locale identifiers. If a specially-crafted locale representation was opened in an application linked against ICU, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.
| CPE | Name | Operator | Version |
|---|---|---|---|
| icu | eq | 4.2.1__9.el6 | |
| icu | eq | 4.2.1__9.el6 |
References
bugs.icu-project.org/trac/ticket/8984
code.google.com/p/chromium/issues/detail?id=106441
lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
lists.opensuse.org/opensuse-updates/2012-01/msg00035.html
rhn.redhat.com/errata/RHSA-2011-1815.html
secunia.com/advisories/47146
secunia.com/advisories/47227
secunia.com/advisories/47674
secunia.com/advisories/47714
secunia.com/advisories/47775
support.apple.com/kb/HT5501
support.apple.com/kb/HT5503
ubuntu.com/usn/usn-1348-1
www.debian.org/security/2012/dsa-2397
www.mandriva.com/security/advisories?name=MDVSA-2011:194
www.openwall.com/lists/oss-security/2011/12/09/2
www.openwall.com/lists/oss-security/2011/12/09/5
www.osvdb.org/77698
www.securityfocus.com/bid/51006
access.redhat.com/errata/RHSA-2011:1815
access.redhat.com/security/cve/CVE-2011-4599
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=765812
exchange.xforce.ibmcloud.com/vulnerabilities/71726
Related
