CVE-2017-14952
https://notcve.org/view.php?id=CVE-2017-14952
Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector entry clean up function call" issue. Doble liberación (double free) en i18n/zonemeta.cpp en International Components for Unicode (ICU) para C/C++ hasta la versión 59.1 permite que atacantes remotos ejecuten código arbitrario mediante una cadena manipulada. Esto también se conoce como "redundant UVector entry clean up function call". • http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp http://www.sourcebrella.com/blog/double-free-vulnerability-international-components-unicode-icu https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html • CWE-415: Double Free •
CVE-2017-7868
https://notcve.org/view.php?id=CVE-2017-7868
International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function. International Components para Unicode (ICU) para C/C++ en versiones anteriores a 13-02-2017 tiene una escritura fuera de límites provocado por un desbordamiento de búfer basado en memoria dinámica en relación con la función utf8TextAccess en common/utext.cpp y la función unad the utext_moveIndex32*. • http://bugs.icu-project.org/trac/changeset/39671 http://www.debian.org/security/2017/dsa-3830 http://www.securityfocus.com/bid/97674 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=437 https://security.gentoo.org/glsa/201710-03 https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html • CWE-787: Out-of-bounds Write •
CVE-2017-7867
https://notcve.org/view.php?id=CVE-2017-7867
International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function. International Components para Unicode (ICU) para C/C++ en versiones anteriores a 13-02-2017 tiene una escritura fuera de límites provocado por un desbordamiento de búfer basado en memoria dinámica en relación con la función utf8TextAccess en la función common/utext.cpp y la función utext_setNativeIndex*. • http://bugs.icu-project.org/trac/changeset/39671 http://www.debian.org/security/2017/dsa-3830 http://www.securityfocus.com/bid/97672 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=213 https://security.gentoo.org/glsa/201710-03 https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html • CWE-787: Out-of-bounds Write •
CVE-2014-9911
https://notcve.org/view.php?id=CVE-2014-9911
Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund.cpp in International Components for Unicode (ICU) before 54.1 for C/C++ allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted uloc_getDisplayName call. Desbordamiento de búfer basado en pila en la función ures_getByKeyWithFallback en common/uresbund.cpp en International Components for Unicode (ICU) en versiones anteriores a 54.1 para C/C++ permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de una llamada manipulada uloc_getDisplayName. • http://bugs.icu-project.org/trac/changeset/35699 http://bugs.icu-project.org/trac/ticket/1089 http://www.openwall.com/lists/oss-security/2016/11/25/1 http://www.securityfocus.com/bid/94520 http://www.securitytracker.com/id/1037556 https://bugs.php.net/bug.php?id=67397 https://bugzilla.redhat.com/show_bug.cgi?id=1383569 https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-7415
https://notcve.org/view.php?id=CVE-2016-7415
Stack-based buffer overflow in the Locale class in common/locid.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long locale string. Desbordamiento de búfer basado en pila en la clase Locale en common/locid.cpp en International Components para Unicode (ICU) hasta la versión 57.1 para C/C++ permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o tener otro posible impacto no especificado a través de una cadena locale grande. • http://www.openwall.com/lists/oss-security/2016/09/15/10 http://www.securityfocus.com/bid/93022 https://bugs.php.net/bug.php?id=73007 https://security.gentoo.org/glsa/201701-58 https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://www.tenable.com/security/tns-2016-19 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •