CVE-2007-4770

libicu poor back reference validation

Severity Score

6.8

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames.

libicu de International Components for Unicode (ICU) 3.8.1 y versiones anteriores intenta procesar referencias a un grupo de captura no existente cero (también conocido como \0), lo cual podría permitir a atacantes locales o remotos dependientes del contexto leer desde, ó escribir en, direcciones de memoria fuera de los límites, relativo a corrupción de REStackFrames.

*Credits: N/A

CVSS Scores

NISTv2 6.8

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-09-10 CVE Reserved
2008-01-26 CVE Published
2024-08-07 CVE Updated
2024-09-16 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-399: Resource Management Errors

CAPEC

References (28)

URL	Tag	Source
http://securitytracker.com/id?1019269	Third Party Advisory
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0043	Third Party Advisory
http://www.openoffice.org/security/cves/CVE-2007-4770.html	Third Party Advisory
http://www.openoffice.org/security/cves/CVE-2007-5745.html	Third Party Advisory
http://www.securityfocus.com/archive/1/487677/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/27455	Third Party Advisory
http://www.vupen.com/english/advisories/2008/0282	Third Party Advisory
http://www.vupen.com/english/advisories/2008/0807/references	Third Party Advisory
http://www.vupen.com/english/advisories/2008/1375/references	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/39938	Third Party Advisory
https://issues.rpath.com/browse/RPL-2199	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11172	Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5507	Signature

URL	Date	SRC

URL	Date	SRC
http://sourceforge.net/mailarchive/message.php?msg_name=d03a2ffb0801221538x68825e42xb4a4aaf0fcccecbd%40mail.gmail.com	2018-10-15

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html	2018-10-15
http://rhn.redhat.com/errata/RHSA-2008-0090.html	2018-10-15
http://security.gentoo.org/glsa/glsa-200803-20.xml	2018-10-15
http://security.gentoo.org/glsa/glsa-200805-16.xml	2018-10-15
http://sunsolve.sun.com/search/document.do?assetkey=1-26-231641-1	2018-10-15
http://sunsolve.sun.com/search/document.do?assetkey=1-26-233922-1	2018-10-15
http://www.debian.org/security/2008/dsa-1511	2018-10-15
http://www.mandriva.com/security/advisories?name=MDVSA-2008:026	2018-10-15
http://www.novell.com/linux/security/advisories/2008_23_openoffice.html	2018-10-15
http://www.ubuntu.com/usn/usn-591-1	2018-10-15
https://bugzilla.redhat.com/show_bug.cgi?id=429023	2008-01-25
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00896.html	2018-10-15
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00921.html	2018-10-15
https://access.redhat.com/security/cve/CVE-2007-4770	2008-01-25

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Icu-project Search vendor "Icu-project"		International Components For Unicode Search vendor "Icu-project" for product "International Components For Unicode"				<= 3.8.1 Search vendor "Icu-project" for product "International Components For Unicode" and version " <= 3.8.1"		c\/c\+\+		Affected