Lucene search

[email protected]CVE-2007-4771

HistoryJan 29, 2008 - 12:00 a.m.

CVE-2007-4771

2008-01-2900:00:00

CWE-399

[email protected]

web.nvd.nist.gov

cve

2007

4771

buffer overflow

regexcmp.cpp

libicu

international components for unicode

icu

denial of service

memory consumption

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.1%

JSON

Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have unspecified other impact via a regular expression that writes a large amount of data to the backtracking stack. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

icu-projectinternational_components_for_unicodeRange≤3.8.1c\/c\+\+

CPENameOperatorVersion
icu-project:international_components_for_unicodeicu-project international components for unicodele3.8.1

CPE	Name	Operator	Version
icu-project:international_components_for_unicode	icu-project international components for unicode	le	3.8.1

References

lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html

rhn.redhat.com/errata/RHSA-2008-0090.html

secunia.com/advisories/28575

secunia.com/advisories/28615

secunia.com/advisories/28669

secunia.com/advisories/28783

secunia.com/advisories/29194

secunia.com/advisories/29242

secunia.com/advisories/29291

secunia.com/advisories/29294

secunia.com/advisories/29333

secunia.com/advisories/29852

secunia.com/advisories/29910

secunia.com/advisories/29987

secunia.com/advisories/30179

security.gentoo.org/glsa/glsa-200803-20.xml

security.gentoo.org/glsa/glsa-200805-16.xml

securitytracker.com/id?1019269

sourceforge.net/mailarchive/message.php?msg_name=d03a2ffb0801221538x68825e42xb4a4aaf0fcccecbd%40mail.gmail.com

sunsolve.sun.com/search/document.do?assetkey=1-26-231641-1

sunsolve.sun.com/search/document.do?assetkey=1-26-233922-1

wiki.rpath.com/wiki/Advisories:rPSA-2008-0043

www.debian.org/security/2008/dsa-1511

www.mandriva.com/security/advisories?name=MDVSA-2008:026

www.novell.com/linux/security/advisories/2008_23_openoffice.html

www.openoffice.org/security/cves/CVE-2007-4770.html

www.openoffice.org/security/cves/CVE-2007-5745.html

www.securityfocus.com/archive/1/487677/100/0/threaded

www.securityfocus.com/bid/27455

www.ubuntu.com/usn/usn-591-1

www.vupen.com/english/advisories/2008/0282

www.vupen.com/english/advisories/2008/0807/references

www.vupen.com/english/advisories/2008/1375/references

bugzilla.redhat.com/show_bug.cgi?id=429025

exchange.xforce.ibmcloud.com/vulnerabilities/39936

issues.rpath.com/browse/RPL-2199

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10507

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5431

www.redhat.com/archives/fedora-package-announce/2008-January/msg00896.html

www.redhat.com/archives/fedora-package-announce/2008-January/msg00921.html

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.1%

JSON

Related for CVE-2007-4771

cvelist1 debiancve1 ubuntucve1 prion1 nvd1 oraclelinux1 nessus15 openvas27 centos1 securityvulns2 gentoo2 ubuntu1 fedora2 redhat1 debian1 osv1 suse1