CVE-2014-9654

Published: 24/04/2017 Updated: 23/04/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The Regular Expressions package in International Components for Unicode (ICU) for C/C++ prior to 2014-12-03, as used in Google Chrome prior to 40.0.2214.91, calculates certain values without ensuring that they can be represented in a 24-bit field, which allows remote malicious users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted string, a related issue to CVE-2014-7923.

Vulnerable Product

google chrome

icu-project international components for unicode

Vendor Advisories

Debian Bug report logs - #776719 icu: CVE-2015-1205 / CVE-2014-9654 Package: src:icu; Maintainer for src:icu is Laszlo Boszormenyi (GCS) <gcs@debian.org>; Reported by: Michael Gilbert <mgilbert@debian.org> Date: Sat, 31 Jan 2015 17:00:11 UTC Severity: serious Tags: patch, security Fixed in version icu/521-71 Done ...
Debian Bug report logs - #776264 icu: CVE-2014-6585 out-of-bounds read Package: src:icu; Maintainer for src:icu is Laszlo Boszormenyi (GCS) <gcs@debian.org>; Reported by: Michael Gilbert <mgilbert@debian.org> Date: Mon, 26 Jan 2015 02:30:02 UTC Severity: important Tags: patch Found in version icu/521-7 Fixed in ver ...
Debian Bug report logs - #776265 icu: multiple security issues Package: src:icu; Maintainer for src:icu is Laszlo Boszormenyi (GCS) <gcs@debian.org>; Reported by: Michael Gilbert <mgilbert@debian.org> Date: Mon, 26 Jan 2015 02:39:02 UTC Severity: important Tags: patch, security Found in version icu/521-7 Fixed in v ...
ICU could be made to crash or run programs as your login if it processed specially crafted data ...
USN-2522-1 introduced a regression in ICU ...
The Regular Expressions package in International Components for Unicode (ICU) for C/C++ before 2014-12-03, as used in Google Chrome before 40.0.2214.91, calculates certain values without ensuring that they can be represented in a 24-bit field, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecifie ...