CVE-2007-4771

Properties

Published: 27.01.2008
Updated: 30.01.2008
Patch available:
Severity: High
CVSS vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Product: ICU Project: International Components for Unicode

Vulnerability description

Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have unspecified other impact via a regular expression that writes a large amount of data to the backtracking stack. NOTE: some of these details are obtained from third-party information.

References:

MLIST: http://sourceforge.net/mailarchive/message.php?msg_name=d03a2ffb0801221538x68825e42xb4a4aaf0fcccecbd%40mail.gmail.com
https://bugzilla.redhat.com/show_bug.cgi?id=429025
MANDRIVA: http://www.mandriva.com/security/advisories?name=MDVSA-2008:026
REDHAT: http://rhn.redhat.com/errata/RHSA-2008-0090.html
BID: http://www.securityfocus.com/bid/27455
SECTRACK: http://securitytracker.com/id?1019269
SECUNIA: http://secunia.com/advisories/28575
SECUNIA: http://secunia.com/advisories/28615
XF: http://xforce.iss.net/xforce/xfdb/39936