CVE-2016-6293

Published: 25/07/2016 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) up to and including 57.1 for C/C++ does not ensure that there is a '\0' character at the end of a certain temporary array, which allows remote malicious users to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument.

Vulnerable Product

icu-project international components for unicode

Vendor Advisories

Debian Bug report logs - #838694 icu: CVE-2016-7415: Stack based buffer overflow in locid.cpp. Package: src:icu; Maintainer for src:icu is Laszlo Boszormenyi (GCS) <gcs@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 23 Sep 2016 17:27:01 UTC; Severity: important; Tags: security, upstream F ...
Several security issues were fixed in ICU ...
Several vulnerabilities were discovered in the International Components for Unicode (ICU) library. CVE-2014-9911: Michele Spagnuolo discovered a buffer overflow vulnerability which might allow remote attackers to cause a denial of service or possibly execute arbitrary code via crafted text. CVE-2015-2632: An integer overflow vulnerab ...
The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ does not ensure that there is a '\0' character at the end of a certain temporary array, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call ...