Page 2 of 22 results (0.002 seconds)

CVSS: 8.8EPSS: 3%CPEs: 8EXPL: 0

A stack buffer overflow in NumberingSystem in International Components for Unicode (ICU) for C/C++ before 60.2, as used in V8 in Google Chrome prior to 62.0.3202.75 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un desbordamiento de búfer basado en pila en NumberingSystem en International Components for Unicode (ICU) for C/C++ en versiones anteriores a la 60.2, tal y como se emplea en V8 en Google Chrome en versiones anteriores a la 62.0.3202.75 y otros productos, permitía que un atacante remoto explote una corrupción de memoria dinámica (heap) mediante una página HTML manipulada. • http://bugs.icu-project.org/trac/changeset/40494 http://www.securityfocus.com/bid/101597 https://access.redhat.com/errata/RHSA-2017:3082 https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop_26.html https://crbug.com/770452 https://security.gentoo.org/glsa/201711-02 https://www.debian.org/security/2017/dsa-4020 https://access.redhat.com/security/cve/CVE-2017-15396 https://bugzilla.redhat.com/show_bug.cgi?id=1506942 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0

Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector entry clean up function call" issue. Doble liberación (double free) en i18n/zonemeta.cpp en International Components for Unicode (ICU) para C/C++ hasta la versión 59.1 permite que atacantes remotos ejecuten código arbitrario mediante una cadena manipulada. Esto también se conoce como "redundant UVector entry clean up function call". • http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp http://www.sourcebrella.com/blog/double-free-vulnerability-international-components-unicode-icu https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html • CWE-415: Double Free •

CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0

International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function. International Components para Unicode (ICU) para C/C++ en versiones anteriores a 13-02-2017 tiene una escritura fuera de límites provocado por un desbordamiento de búfer basado en memoria dinámica en relación con la función utf8TextAccess en common/utext.cpp y la función unad the utext_moveIndex32*. • http://bugs.icu-project.org/trac/changeset/39671 http://www.debian.org/security/2017/dsa-3830 http://www.securityfocus.com/bid/97674 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=437 https://security.gentoo.org/glsa/201710-03 https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html • CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0

International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function. International Components para Unicode (ICU) para C/C++ en versiones anteriores a 13-02-2017 tiene una escritura fuera de límites provocado por un desbordamiento de búfer basado en memoria dinámica en relación con la función utf8TextAccess en la función common/utext.cpp y la función utext_setNativeIndex*. • http://bugs.icu-project.org/trac/changeset/39671 http://www.debian.org/security/2017/dsa-3830 http://www.securityfocus.com/bid/97672 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=213 https://security.gentoo.org/glsa/201710-03 https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html • CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 0

Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund.cpp in International Components for Unicode (ICU) before 54.1 for C/C++ allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted uloc_getDisplayName call. Desbordamiento de búfer basado en pila en la función ures_getByKeyWithFallback en common/uresbund.cpp en International Components for Unicode (ICU) en versiones anteriores a 54.1 para C/C++ permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de una llamada manipulada uloc_getDisplayName. • http://bugs.icu-project.org/trac/changeset/35699 http://bugs.icu-project.org/trac/ticket/1089 http://www.openwall.com/lists/oss-security/2016/11/25/1 http://www.securityfocus.com/bid/94520 http://www.securitytracker.com/id/1037556 https://bugs.php.net/bug.php?id=67397 https://bugzilla.redhat.com/show_bug.cgi?id=1383569 https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •