132 matches found
CVE-2020-10531
An issue was discovered in International Components for Unicode ICU for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend function in common/unistr.cpp...
USN-4305-1: ICU vulnerability
André Bargull discovered that ICU incorrectly handled certain strings. An attacker could possibly use this issue to execute arbitrary code...
CVE-2020-10531
An issue was discovered in International Components for Unicode ICU for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend function in common/unistr.cpp...
CVE-2020-10531
ICU for C/C++ up to version 66.1 is affected by CVE-2020-10531: an integer overflow in UnicodeString::doAppend() in common/unistr.cpp can cause a heap-based buffer overflow. Public disclosures and vendor advisories (e.g., ALAS2-2020-1418/ALSA-2020:1317, CESA/DSA advisories) reference this vulnera...
Huawei EulerOS: Security Advisory for icu (EulerOS-SA-2019-1453)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2017-15396
A stack buffer overflow in NumberingSystem in International Components for Unicode ICU for C/C++ before 60.2, as used in V8 in Google Chrome prior to 62.0.3202.75 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Stack overflow
A stack buffer overflow in NumberingSystem in International Components for Unicode ICU for C/C++ before 60.2, as used in V8 in Google Chrome prior to 62.0.3202.75 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2017-15396
A stack buffer overflow in NumberingSystem in International Components for Unicode ICU for C/C++ before 60.2, as used in V8 in Google Chrome prior to 62.0.3202.75 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2017-15422
ICU vulnerability CVE-2017-15422: An integer overflow in ICU’s international date handling (ICU for C/C++) enables out-of-bounds memory reads via crafted HTML. Affected: ICU before 60.1; used in Google Chrome’s V8 (pre-63.0.3239.84) and other products. Impact per sources: potential memory disclos...
Security Bulletin: IBM Content Collector for Emails,IBM Content Collector for File Systems, IBM Content Collector for SharePoint and IBM Content Collector for IBM Connections affected by vulnerabilities in International Components for Unicode library
Summary IBM Content Collector for Emails,IBM Content Collector for File Systems,IBM Content Collector for SharePoint and Content Collector for IBM Connections is affected by following vulnerabilities present in the International Components for Unicode ICU library. ICU is vulnerable to a stack-bas...
CVE-2017-15422
Integer overflow in international date handling in International Components for Unicode ICU for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page...
CVE-2017-14952
Double free in i18n/zonemeta.cpp in International Components for Unicode ICU for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector entry clean up function call" issue...
Google Patches ‘High Severity’ Browser Bug
UPDATE Google is urging users to update their Chrome desktop browsers to avoid security issues related to a high-severity stack-based buffer overflow vulnerability. Google issued the alert Thursday and said an update for most browsers has been released. “The stable channel has been updated to...
CVE-2017-14952
ICU (ICU4C) for C/C++ up to 59.1 contains a double-free in i18n/zonemeta.cpp (CVE-2017-14952), enabling remote arbitrary code execution via a crafted string. IBM/Db2 and IBM i advisories reference this CVE among ICU-related flaws; remediation involves applying the ICU fix release as indicated by ...
CVE-2017-14952
Double free in i18n/zonemeta.cpp in International Components for Unicode ICU for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector entry clean up function call" issue...
SUSE SLED12 / SLES12 Security Update : icu (SUSE-SU-2017:2318-1)
icu was updated to fix two security issues. These security issues were fixed : - CVE-2014-8147: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode ICU used an integer data type that is...
CVE-2017-11362
In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ext/intl/msgformat/msgformatparse.c does not restrict the locale length, which allows remote attackers to cause a denial of service stack-based buffer overflow and application crash or possibly have unspecified other impact within International...
CVE-2014-9654
The Regular Expressions package in International Components for Unicode ICU for C/C++ before 2014-12-03, as used in Google Chrome before 40.0.2214.91, calculates certain values without ensuring that they can be represented in a 24-bit field, which allows remote attackers to cause a denial of...
CVE-2017-7867
International Components for Unicode ICU for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utextsetNativeIndex function...
CVE-2017-7868
International Components for Unicode ICU for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utextmoveIndex32 function...