Lucene search

K
ubuntucveUbuntu.comUB:CVE-2014-8146
HistoryDec 31, 2014 - 12:00 a.m.

CVE-2014-8146

2014-12-3100:00:00
ubuntu.com
ubuntu.com
13

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

83.8%

The resolveImplicitLevels function in common/ubidi.c in the Unicode
Bidirectional Algorithm implementation in ICU4C in International Components
for Unicode (ICU) before 55.1 does not properly track directionally
isolated pieces of text, which allows remote attackers to cause a denial of
service (heap-based buffer overflow) or possibly execute arbitrary code via
crafted text.

OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchicu< 52.1-3ubuntu0.3UNKNOWN
ubuntu14.10noarchicu< 52.1-6ubuntu0.3UNKNOWN
ubuntu15.04noarchicu< 52.1-8ubuntu0.1UNKNOWN

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

83.8%

Related for UB:CVE-2014-8146