UbuntuUSN-591-1libicu vulnerabilities
9.5 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.007 Low
EPSS
Percentile
79.8%
Releases
- Ubuntu 7.10
- Ubuntu 7.04
- Ubuntu 6.10
- Ubuntu 6.06
Packages
- icu -
Details
Will Drewry discovered that libicu did not properly handle ‘\0’ when
processing regular expressions. If an application linked against libicu
processed a crafted regular expression, an attacker could execute
arbitrary code with privileges of the user invoking the program.
(CVE-2007-4770)
Will Drewry discovered that libicu did not properly limit its
backtracking stack size. If an application linked against libicu
processed a crafted regular expression, an attacker could cause a denial
of service via resource exhaustion. (CVE-2007-4771)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 7.10 | noarch | libicu36 | < 3.6-3ubuntu0.1 | UNKNOWN |
| Ubuntu | 7.10 | noarch | libicu36-dev | < 3.6-3ubuntu0.1 | UNKNOWN |
| Ubuntu | 7.04 | noarch | libicu36 | < 3.6-2ubuntu0.1 | UNKNOWN |
| Ubuntu | 7.04 | noarch | libicu36-dev | < 3.6-2ubuntu0.1 | UNKNOWN |
| Ubuntu | 6.10 | noarch | libicu34 | < 3.4.1a-1ubuntu1.6.10.1 | UNKNOWN |
| Ubuntu | 6.10 | noarch | libicu34-dev | < 3.4.1a-1ubuntu1.6.10.1 | UNKNOWN |
| Ubuntu | 6.06 | noarch | libicu34 | < 3.4.1a-1ubuntu1.6.06.1 | UNKNOWN |
| Ubuntu | 6.06 | noarch | libicu34-dev | < 3.4.1a-1ubuntu1.6.06.1 | UNKNOWN |
Related
9.5 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.007 Low
EPSS
Percentile
79.8%