6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.018 Low
EPSS
Percentile
87.9%
International Components for Unicode (ICU) is a library for handling Unicode strings. A C version, ICU4C and a Java version ICU4J are available. Multiple products that use ICU4C contain a denial-of-service vulnerability due to a race condition.
ICU released ICU4C version 50.1.1 that addresses this vulnerability in December, 2012.
Impacts may vary depending on the product. In some cases, a remote attacker may cause a denial-of-service (DoS).
Apply an Update
Update to the latest version according to the information provided by the developer.
Products that use International Components for Unicode (ICU) may be vulnerable.
For more information on vulnerable products, please refer to the “Vendor Status” section.