Computer Security
[EN] securityvulns.ru no-pyccku


CVECVE-2014-8146
StatusUNKNOWN
DescriptionThe resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text.
Severity
High
CVSS score7,5
CVSS vector(AV:N/AC:L/Au:N/C:P/I:P/A:P)
PhaseASSIGNED (09.10.2015)
NVD:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8146
ReferencesCONFIRM : http://bugs.icu-project.org/trac/changeset/37162
 MISC : https://raw.githubusercontent.com/pedrib/PoC/maste...
 CERT-VN : VU#602540
 MLIST : [oss-security] 20150505 [CVE-2014-8146/8147] - ICU heap and integer overflows / I-C-U-FAIL
SecurityVulns:libicu security vulnerabilities
 Apple iOS multiple security vulnerabilities
 Apple iTunes multiple security vulnerabilities
 Apple watchOS security vulnerabilities
 Apple Mac OS X / Mac EFI / OS X Server multiple security vulnerabilities
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod