Note:
This project will be discontinued after December 13, 2021. [more]
Product:
International_components_for_unicode
(Icu\-Project)Repositories | https://github.com/unicode-org/icu |
#Vulnerabilities | 21 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2018-08-28 | CVE-2017-15422 | Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | Ubuntu_linux, Debian_linux, Chrome, International_components_for_unicode, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 6.5 | ||
2018-08-28 | CVE-2017-15396 | A stack buffer overflow in NumberingSystem in International Components for Unicode (ICU) for C/C++ before 60.2, as used in V8 in Google Chrome prior to 62.0.3202.75 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Debian_linux, Chrome, International_components_for_unicode, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 6.5 | ||
2020-03-12 | CVE-2020-10531 | An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp. | Ubuntu_linux, Debian_linux, Fedora, Chrome, International_components_for_unicode, Node\.js, Leap, Banking_extensibility_workbench, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 8.8 | ||
2012-06-21 | CVE-2011-4599 | Stack-based buffer overflow in the _canonicalize function in common/uloc.c in International Components for Unicode (ICU) before 49.1 allows remote attackers to execute arbitrary code via a crafted locale ID that is not properly handled during variant canonicalization. | International_components_for_unicode | N/A | ||
2018-11-04 | CVE-2018-18928 | International Components for Unicode (ICU) for C/C++ 63.1 has an integer overflow in number::impl::DecimalQuantity::toScientificString() in i18n/number_decimalquantity.cpp. | International_components_for_unicode | 9.8 | ||
2017-04-14 | CVE-2017-7868 | International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function. | Debian_linux, International_components_for_unicode | 7.5 | ||
2017-04-14 | CVE-2017-7867 | International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function. | Debian_linux, International_components_for_unicode | 7.5 | ||
2017-12-10 | CVE-2017-17484 | The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC. | International_components_for_unicode | 9.8 | ||
2017-10-16 | CVE-2017-14952 | Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector entry clean up function call" issue. | International_components_for_unicode | 9.8 | ||
2016-09-17 | CVE-2016-7415 | Stack-based buffer overflow in the Locale class in common/locid.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long locale string. | International_components_for_unicode | 9.8 |