CVSS2 score: 7.5 High

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

icu is vulnerable to arbitrary code execution. A stack-based buffer overflow flaw was found in the way ICU performed variant canonicalization for some locale identifiers. If a specially crafted locale representation was opened in an application linked against ICU, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.

CPE | Name | Operator | Version |
---|---|---|---|
 | icu | eq | 4.2.1__9.el6 |

bugs.icu-project.org/trac/ticket/8984
code.google.com/p/chromium/issues/detail?id=106441
lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
lists.opensuse.org/opensuse-updates/2012-01/msg00035.html
rhn.redhat.com/errata/RHSA-2011-1815.html
secunia.com/advisories/47146
secunia.com/advisories/47227
secunia.com/advisories/47674
secunia.com/advisories/47714
secunia.com/advisories/47775
support.apple.com/kb/HT5501
support.apple.com/kb/HT5503
ubuntu.com/usn/usn-1348-1
www.debian.org/security/2012/dsa-2397
www.mandriva.com/security/advisories?name=MDVSA-2011:194
www.openwall.com/lists/oss-security/2011/12/09/2
www.openwall.com/lists/oss-security/2011/12/09/5
www.osvdb.org/77698
www.securityfocus.com/bid/51006
access.redhat.com/errata/RHSA-2011:1815
access.redhat.com/security/cve/CVE-2011-4599
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=765812
exchange.xforce.ibmcloud.com/vulnerabilities/71726