rpm package
suse/icu&distro=SUSE Linux Enterprise Server 12 SP3
pkg:rpm/suse/icu&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3
Vulnerabilities (8)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-15422 | Med | 6.5 | < 52.1-8.7.1 | 52.1-8.7.1 | Aug 28, 2018 | Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |
| CVE-2017-17484 | Cri | 9.8 | < 52.1-8.7.1 | 52.1-8.7.1 | Dec 10, 2017 | The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and applicatio | |
| CVE-2017-14952 | Cri | 9.8 | < 52.1-8.7.1 | 52.1-8.7.1 | Oct 16, 2017 | Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector entry clean up function call" issue. | |
| CVE-2017-7868 | Hig | 7.5 | < 52.1-8.7.1 | 52.1-8.7.1 | Apr 14, 2017 | International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function. | |
| CVE-2017-7867 | Hig | 7.5 | < 52.1-8.7.1 | 52.1-8.7.1 | Apr 14, 2017 | International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function. | |
| CVE-2016-6293 | Cri | 9.8 | < 52.1-8.7.1 | 52.1-8.7.1 | Jul 25, 2016 | The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ does not ensure that there is a '\0' character at the end of a certain temporary array, which allows remote attackers to cause a denial of service (out | |
| CVE-2014-8147 | — | < 52.1-8.3.1 | 52.1-8.3.1 | May 25, 2015 | The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause | ||
| CVE-2014-8146 | — | < 52.1-8.3.1 | 52.1-8.3.1 | May 25, 2015 | The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a de |
- affected < 52.1-8.7.1fixed 52.1-8.7.1
Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
- affected < 52.1-8.7.1fixed 52.1-8.7.1
The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and applicatio
- affected < 52.1-8.7.1fixed 52.1-8.7.1
Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector entry clean up function call" issue.
- affected < 52.1-8.7.1fixed 52.1-8.7.1
International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function.
- affected < 52.1-8.7.1fixed 52.1-8.7.1
International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function.
- affected < 52.1-8.7.1fixed 52.1-8.7.1
The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ does not ensure that there is a '\0' character at the end of a certain temporary array, which allows remote attackers to cause a denial of service (out
- CVE-2014-8147May 25, 2015affected < 52.1-8.3.1fixed 52.1-8.3.1
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause
- CVE-2014-8146May 25, 2015affected < 52.1-8.3.1fixed 52.1-8.3.1
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a de