CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2007-4770 – libicu poor back reference validation
https://notcve.org/view.php?id=CVE-2007-4770
28 Jan 2008 — libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames. libicu de International Components for Unicode (ICU) 3.8.1 y versiones anteriores intenta procesar referencias a un grupo de captura no existente cero (también conocido como \0), lo cual podría permitir a atacante... • http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2007-4771 – libicu incomplete interval handling
https://notcve.org/view.php?id=CVE-2007-4771
28 Jan 2008 — Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have unspecified other impact via a regular expression that writes a large amount of data to the backtracking stack. NOTE: some of these details are obtained from third party information. Desbordamiento de búfer basado en montículo en la función doInterval de regexcmp.c... • http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html • CWE-399: Resource Management Errors •