CVE-2007-4771 – libicu incomplete interval handling

https://notcve.org/view.php?id=CVE-2007-4771

Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have unspecified other impact via a regular expression that writes a large amount of data to the backtracking stack. NOTE: some of these details are obtained from third party information. Desbordamiento de búfer basado en montículo en la función doInterval de regexcmp.cpp de libicu de International Components for Unicode (ICU) 3.8.1 y versiones anteriores, permite a atacantes locales o remotos dependientes del contexto provocar una denegación de servicio (agotamiento de memoria) y posiblemente tiene otro impacto desconocido mediante una expresión regular que escribe una gran cantidad de datos en la pila de vuelta atrás (backtracking). NOTA: algunos de estos detalles se han obtenido de información de terceros. • http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html http://rhn.redhat.com/errata/RHSA-2008-0090.html http://secunia.com/advisories/28575 http://secunia.com/advisories/28615 http://secunia.com/advisories/28669 http://secunia.com/advisories/28783 http://secunia.com/advisories/29194 http://secunia.com/advisories/29242 http://secunia.com/advisories/29291 http://secunia.com/advisories/29294 http://secunia.com/advisories/29333 http://secunia.com/advisories/2 • CWE-399: Resource Management Errors •