Lucene search

K
ubuntucveUbuntu.comUB:CVE-2014-7940
HistoryJan 22, 2015 - 12:00 a.m.

CVE-2014-7940

2015-01-2200:00:00
ubuntu.com
ubuntu.com
15

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.043

Percentile

92.4%

The collator implementation in i18n/ucol.cpp in International Components
for Unicode (ICU) 52 through SVN revision 293126, as used in Google Chrome
before 40.0.2214.91, does not initialize memory for a data structure, which
allows remote attackers to cause a denial of service or possibly have
unspecified other impact via a crafted character sequence.

Bugs

Notes

Author Note
mdeslaur code in icu has changed, so no equivalent commit in icu tree first google patch is buggy, as prevPos is getting set after the getNextNormalizedChar second google patch is buggy as source->endp is being checked without checking the UCOL_ITER_HASLEN flag
OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchchromium-browser< 40.0.2214.94-0ubuntu0.14.04.1.1068UNKNOWN
ubuntu14.10noarchchromium-browser< 40.0.2214.94-0ubuntu0.14.10.1.1110UNKNOWN
ubuntu15.04noarchchromium-browser< 40.0.2214.94-0ubuntu1.1120UNKNOWN
ubuntu15.10noarchchromium-browser< 40.0.2214.94-0ubuntu1.1120UNKNOWN
ubuntu12.04noarchicu< 4.8.1.1-3ubuntu0.3UNKNOWN
ubuntu14.04noarchicu< 52.1-3ubuntu0.2UNKNOWN
ubuntu14.10noarchicu< 52.1-6ubuntu0.2UNKNOWN
ubuntu14.04noarchoxide-qt< 1.4.2-0ubuntu0.14.04.1UNKNOWN
ubuntu14.10noarchoxide-qt< 1.4.2-0ubuntu0.14.10.1UNKNOWN
ubuntu15.04noarchoxide-qt< 1.4.2-0ubuntu1UNKNOWN
Rows per page:
1-10 of 111

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.043

Percentile

92.4%