Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2007-4771

Published: 29/01/2008 Updated: 15/10/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to International Components For Unicode

Vulnerability Summary

Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and previous versions allows context-dependent malicious users to cause a denial of service (memory consumption) and possibly have unspecified other impact via a regular expression that writes a large amount of data to the backtracking stack. NOTE: some of these details are obtained from third party information.

Vulnerable Product Search on Vulmon Subscribe to Product

icu-project international components for unicode

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2007-4770/1: Vulnerabilities in libicu
Debian Bug report logs - #463688 CVE-2007-4770/1: Vulnerabilities in libicu Package: icu; Maintainer for icu is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Stefan Fritsch <sf@sfritschde> Date: Sat, 2 Feb 2008 12:24:01 UTC Severity: grave Tags: security Fixed in version icu/38-6 Done: Jay Berkenbilt & ...
Ubuntu Security Notice: icu vulnerabilities
Will Drewry discovered that libicu did not properly handle ‘\0’ when processing regular expressions If an application linked against libicu processed a crafted regular expression, an attacker could execute arbitrary code with privileges of the user invoking the program (CVE-2007-4770) ...
Debian Security Advisories: DSA-1511-1 libicu -- various
Several local vulnerabilities have been discovered in libicu, International Components for Unicode, The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-4770 libicu in International Components for Unicode (ICU) 381 and earlier attempts to process backreferences to the nonexistent capture group z ...

References

CWE-399http://sourceforge.net/mailarchive/message.php?msg_name=d03a2ffb0801221538x68825e42xb4a4aaf0fcccecbd%40mail.gmail.comhttps://bugzilla.redhat.com/show_bug.cgi?id=429025http://www.mandriva.com/security/advisories?name=MDVSA-2008:026http://rhn.redhat.com/errata/RHSA-2008-0090.htmlhttp://www.securityfocus.com/bid/27455http://securitytracker.com/id?1019269http://secunia.com/advisories/28575http://secunia.com/advisories/28615https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00896.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-January/msg00921.htmlhttp://secunia.com/advisories/28669http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0043https://issues.rpath.com/browse/RPL-2199http://secunia.com/advisories/28783http://www.debian.org/security/2008/dsa-1511http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.htmlhttp://secunia.com/advisories/29194http://secunia.com/advisories/29242http://sunsolve.sun.com/search/document.do?assetkey=1-26-233922-1http://secunia.com/advisories/29291http://security.gentoo.org/glsa/glsa-200803-20.xmlhttp://secunia.com/advisories/29333http://www.ubuntu.com/usn/usn-591-1http://secunia.com/advisories/29294http://www.openoffice.org/security/cves/CVE-2007-4770.htmlhttp://www.openoffice.org/security/cves/CVE-2007-5745.htmlhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-231641-1http://www.novell.com/linux/security/advisories/2008_23_openoffice.htmlhttp://secunia.com/advisories/29852http://secunia.com/advisories/29910http://secunia.com/advisories/29987http://security.gentoo.org/glsa/glsa-200805-16.xmlhttp://secunia.com/advisories/30179http://www.vupen.com/english/advisories/2008/0807/referenceshttp://www.vupen.com/english/advisories/2008/1375/referenceshttp://www.vupen.com/english/advisories/2008/0282https://exchange.xforce.ibmcloud.com/vulnerabilities/39936https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5431https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10507http://www.securityfocus.com/archive/1/487677/100/0/threadedhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463688https://usn.ubuntu.com/591-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
race conditionCVE-2024-4249CVE-2024-4244CVE-2023-20198TCPCVE-2022-48648CVE-2022-48636CVE-2024-21345SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook