9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
Several local vulnerabilities have been discovered in libicu,
International Components for Unicode, The Common Vulnerabilities and
Exposures project identifies the following problems:
libicu in International Components for Unicode (ICU) 3.8.1 and earlier
attempts to process backreferences to the nonexistent capture group
zero (aka \0), which might allow context-dependent attackers to read
from, or write to, out-of-bounds memory locations, related to
corruption of REStackFrames.
Heap-based buffer overflow in the doInterval function in regexcmp.cpp
in libicu in International Components for Unicode (ICU) 3.8.1 and
earlier allows context-dependent attackers to cause a denial of
service (memory consumption) and possibly have unspecified other
impact via a regular expression that writes a large amount of data to
the backtracking stack.
For the stable distribution (etch), these problems have been fixed in
version 3.6-2etch1.
For the unstable distribution (sid), these problems have been fixed in
version 3.8-6.
We recommend that you upgrade your libicu package.