CVE-2014-8146

Published: 25/05/2015 Updated: 23/04/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) prior to 55.1 does not properly track directionally isolated pieces of text, which allows remote malicious users to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text.

Vulnerable Product

apple iphone os

apple watchos

apple itunes

apple mac os x

icu-project international components for unicode

Vendor Advisories

Debian Bug report logs - #784773 icu: CVE-2014-8146 and CVE-2014-8147 Package: icu; Maintainer for icu is Laszlo Boszormenyi (GCS) <gcs@debian.org>; Reported by: Marc Deslauriers <marc.deslauriers@ubuntu.com> Date: Fri, 8 May 2015 17:27:02 UTC Severity: normal Tags: patch, security Found in versions 52.1-8, 52.1-1 ...
ICU could be made to crash or run programs as your login if it processed specially crafted data ...
Several vulnerabilities were discovered in the International Components for Unicode (ICU) library. CVE-2014-8146: The Unicode Bidirectional Algorithm implementation does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execut ...
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbit ...

Exploits

>> Heap overflow and integer overflow in ICU library (v52 to v54)
>> Discovered by Pedro Ribeiro (pedrib@gmail.com), Agile Information Security
=================================================================================
Disclosure: 04/05/2015 / Last updated: 07/05/2015

>> Background on the affected products:
ICU is a mature ...