CVE-2014-8146
ICU library 52 < 54 - Multiple Vulnerabilities
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
3Exploited in Wild
-Decision
Descriptions
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text.
La función resolveImplicitLevels en common/ubidi.c en la implementación Unicode Bidirectional Algorithm en ICU4C en International Components for Unicode (ICU) anterior a 55.1 no rastrea correctamente trozos de texto aislados direccionalmente, lo que permite a atacantes remotos causar una denegación de servicio (desbordamiento de buffer basado en memoria dinámica) o posiblemente ejecutar código arbitrario a través de texto manipulado.
Pedro Ribeiro discovered that ICU incorrectly handled certain memory operations when processing data. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-10-10 CVE Reserved
- 2015-05-05 CVE Published
- 2015-06-10 First Exploit
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (20)
| URL | Tag | Source |
|---|---|---|
| http://openwall.com/lists/oss-security/2015/05/05/6 | Mailing List | |
| http://www.kb.cert.org/vuls/id/602540 | Third Party Advisory |
|
| http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | Third Party Advisory |
|
| http://www.securityfocus.com/bid/74457 | Third Party Advisory | |
| https://support.apple.com/HT205212 | Third Party Advisory |
|
| https://support.apple.com/HT205213 | Third Party Advisory |
|
| https://support.apple.com/HT205221 | Third Party Advisory |
|
| https://support.apple.com/HT205267 | Third Party Advisory |
|
| https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | X_refsource_misc |
|
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/43887 | 2015-06-10 | |
| http://seclists.org/fulldisclosure/2015/May/14 | 2024-08-06 | |
| https://raw.githubusercontent.com/pedrib/PoC/master/generic/i-c-u-fail.txt | 2024-08-06 |
| URL | Date | SRC |
|---|---|---|
| http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | 2019-04-23 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apple Search vendor "Apple" | Itunes Search vendor "Apple" for product "Itunes" | <= 12.1.3 Search vendor "Apple" for product "Itunes" and version " <= 12.1.3" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | <= 8.2 Search vendor "Apple" for product "Iphone Os" and version " <= 8.2" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | <= 10.10.4 Search vendor "Apple" for product "Mac Os X" and version " <= 10.10.4" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Watchos Search vendor "Apple" for product "Watchos" | <= 1.0.1 Search vendor "Apple" for product "Watchos" and version " <= 1.0.1" | - |
Affected
| ||||||
| Icu-project Search vendor "Icu-project" | International Components For Unicode Search vendor "Icu-project" for product "International Components For Unicode" | < 55.1 Search vendor "Icu-project" for product "International Components For Unicode" and version " < 55.1" | c\/c\+\+ |
Affected
| ||||||