icu: Stack-based buffer overflow by canonicalizing the given localeID

🗓️ 13 Dec 2011 22:07:00Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 5 Views

ICU overflow in _canonicalize during localeID variant handling enables remote code execution.

Reporter	Title	Published	Views	Family All 102
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect IBM Planning Analytics	25 Jul 201918:55	–	ibm
IBM Security Bulletins	Security Bulletin: Security Vulnerabilties have been addressed in IBM Cognos Analytics	13 Sep 201916:44	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Business Intelligence has addressed multiple vulnerabilties	19 Dec 201921:01	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in WebSphere MQ shipped with WebSphere Remote Server (CVE-2011-4599)	15 Jun 201807:05	–	ibm
IBM Security Bulletins	Security Bulletin: IBM i is affected by multiple vulnerabilities in International Components for Unicode (ICU) option 39 [CVE-2017-14952 CVE-2011-4599 CVE-2017-17484].	31 Jul 202518:58	–	ibm
IBM Security Bulletins	Security Bulletin: Due to use of International Components for Unicode, IBM Rational ClearQuest is vulnerable to buffer overflow.	18 Oct 202404:34	–	ibm
IBM Security Bulletins	Security Bulletin: ICU4C overflow vulnerability affects IBM WebSphere MQ (CVE-2011-4599)	15 Jun 201807:04	–	ibm
IBM Security Bulletins	Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities in ICU libraries.	20 Jan 202616:34	–	ibm
Tenable Nessus	Mac OS X 10.7 < 10.7.5 Multiple Vulnerabilities	21 Sep 201200:00	–	nessus
Tenable Nessus	Apple iOS < 6.0 Multiple Vulnerabilities	24 Sep 201200:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	5	i386	icu	0:3.6-5.16.1	icu-0:3.6-5.16.1.i386.rpm
Red Hat Enterprise Linux	5	ia64	icu	0:3.6-5.16.1	icu-0:3.6-5.16.1.ia64.rpm
Red Hat Enterprise Linux	5	ppc	icu	0:3.6-5.16.1	icu-0:3.6-5.16.1.ppc.rpm
Red Hat Enterprise Linux	5	s390x	icu	0:3.6-5.16.1	icu-0:3.6-5.16.1.s390x.rpm
Red Hat Enterprise Linux	5	x86_64	icu	0:3.6-5.16.1	icu-0:3.6-5.16.1.x86_64.rpm
Red Hat Enterprise Linux	6	i686	icu	0:4.2.1-9.1.el6_2	icu-0:4.2.1-9.1.el6_2.i686.rpm
Red Hat Enterprise Linux	6	ppc64	icu	0:4.2.1-9.1.el6_2	icu-0:4.2.1-9.1.el6_2.ppc64.rpm
Red Hat Enterprise Linux	6	s390x	icu	0:4.2.1-9.1.el6_2	icu-0:4.2.1-9.1.el6_2.s390x.rpm
Red Hat Enterprise Linux	6	x86_64	icu	0:4.2.1-9.1.el6_2	icu-0:4.2.1-9.1.el6_2.x86_64.rpm
Red Hat Enterprise Linux	5	i386	icu-debuginfo	0:3.6-5.16.1	icu-debuginfo-0:3.6-5.16.1.i386.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2011-4599
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2011-4599
cve	www.cve.org/CVERecord

21 Nov 2025 17:39Current

8High risk

Vulners AI Score8

CVSS 27.5

EPSS0.08068

buffer overflow locale identifier variant handling remote code execution unix