CVE-2007-4770

Properties

Published: 27.01.2008
Updated: 30.01.2008
Patch available:
Severity: High
CVSS vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Product: ICU Project: International Components for Unicode

Vulnerability description

libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames.

References:

MLIST: http://sourceforge.net/mailarchive/message.php?msg_name=d03a2ffb0801221538x68825e42xb4a4aaf0fcccecbd%40mail.gmail.com
https://bugzilla.redhat.com/show_bug.cgi?id=429023
MANDRIVA: http://www.mandriva.com/security/advisories?name=MDVSA-2008:026
REDHAT: http://rhn.redhat.com/errata/RHSA-2008-0090.html
BID: http://www.securityfocus.com/bid/27455
SECTRACK: http://securitytracker.com/id?1019269
SECUNIA: http://secunia.com/advisories/28575
SECUNIA: http://secunia.com/advisories/28615
XF: http://xforce.iss.net/xforce/xfdb/39938