Note:
This project will be discontinued after December 13, 2021. [more]
Product:
International_components_for_unicode
(Icu\-Project)| Repositories | https://github.com/unicode-org/icu |
| #Vulnerabilities | 21 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2015-05-25 | CVE-2014-8147 | The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text. | Mac_os_x, Watchos, International_components_for_unicode | N/A | ||
| 2015-01-22 | CVE-2014-7923 | The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a look-behind expression. | Ubuntu_linux, Chrome, International_components_for_unicode, Opensuse, Communications_messaging_server, Enterprise_linux_desktop_supplementary, Enterprise_linux_server_supplementary, Enterprise_linux_server_supplementary_eus, Enterprise_linux_workstation_supplementary | N/A | ||
| 2015-01-22 | CVE-2014-7926 | The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a zero-length quantifier. | Ubuntu_linux, Chrome, International_components_for_unicode, Opensuse, Communications_messaging_server, Enterprise_linux_desktop_supplementary, Enterprise_linux_server_supplementary, Enterprise_linux_server_supplementary_eus, Enterprise_linux_workstation_supplementary | N/A | ||
| 2015-01-22 | CVE-2014-7940 | The collator implementation in i18n/ucol.cpp in International Components for Unicode (ICU) 52 through SVN revision 293126, as used in Google Chrome before 40.0.2214.91, does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted character sequence. | Chrome, International_components_for_unicode | N/A | ||
| 2016-07-25 | CVE-2016-6293 | The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ does not ensure that there is a '\0' character at the end of a certain temporary array, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument. | International_components_for_unicode | 9.8 | ||
| 2018-08-28 | CVE-2017-15422 | Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | Ubuntu_linux, Debian_linux, Chrome, International_components_for_unicode, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 6.5 | ||
| 2018-08-28 | CVE-2017-15396 | A stack buffer overflow in NumberingSystem in International Components for Unicode (ICU) for C/C++ before 60.2, as used in V8 in Google Chrome prior to 62.0.3202.75 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Debian_linux, Chrome, International_components_for_unicode, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 6.5 | ||
| 2020-03-12 | CVE-2020-10531 | An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp. | Ubuntu_linux, Debian_linux, Fedora, Chrome, International_components_for_unicode, Node\.js, Leap, Banking_extensibility_workbench, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 8.8 | ||
| 2012-06-21 | CVE-2011-4599 | Stack-based buffer overflow in the _canonicalize function in common/uloc.c in International Components for Unicode (ICU) before 49.1 allows remote attackers to execute arbitrary code via a crafted locale ID that is not properly handled during variant canonicalization. | International_components_for_unicode | N/A | ||
| 2018-11-04 | CVE-2018-18928 | International Components for Unicode (ICU) for C/C++ 63.1 has an integer overflow in number::impl::DecimalQuantity::toScientificString() in i18n/number_decimalquantity.cpp. | International_components_for_unicode | 9.8 |