rpm package
suse/icu&distro=SUSE Linux Enterprise Server for SAP Applications 11 SP4
pkg:rpm/suse/icu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4
Vulnerabilities (8)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-15422 | Med | 6.5 | < 4.0-47.6.1 | 4.0-47.6.1 | Aug 28, 2018 | Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |
| CVE-2017-17484 | Cri | 9.8 | < 4.0-47.6.1 | 4.0-47.6.1 | Dec 10, 2017 | The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and applicatio | |
| CVE-2017-14952 | Cri | 9.8 | < 4.0-47.6.1 | 4.0-47.6.1 | Oct 16, 2017 | Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector entry clean up function call" issue. | |
| CVE-2014-9654 | Cri | 9.8 | < 4.0-7.30.2 | 4.0-7.30.2 | Apr 24, 2017 | The Regular Expressions package in International Components for Unicode (ICU) for C/C++ before 2014-12-03, as used in Google Chrome before 40.0.2214.91, calculates certain values without ensuring that they can be represented in a 24-bit field, which allows remote attackers to cau | |
| CVE-2017-7868 | Hig | 7.5 | < 4.0-47.6.1 | 4.0-47.6.1 | Apr 14, 2017 | International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function. | |
| CVE-2017-7867 | Hig | 7.5 | < 4.0-47.6.1 | 4.0-47.6.1 | Apr 14, 2017 | International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function. | |
| CVE-2014-9911 | Cri | 9.8 | < 4.0-47.3.2 | 4.0-47.3.2 | Jan 4, 2017 | Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund.cpp in International Components for Unicode (ICU) before 54.1 for C/C++ allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted uloc_getDi | |
| CVE-2016-6293 | Cri | 9.8 | < 4.0-47.6.1 | 4.0-47.6.1 | Jul 25, 2016 | The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ does not ensure that there is a '\0' character at the end of a certain temporary array, which allows remote attackers to cause a denial of service (out |
- affected < 4.0-47.6.1fixed 4.0-47.6.1
Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
- affected < 4.0-47.6.1fixed 4.0-47.6.1
The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and applicatio
- affected < 4.0-47.6.1fixed 4.0-47.6.1
Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector entry clean up function call" issue.
- affected < 4.0-7.30.2fixed 4.0-7.30.2
The Regular Expressions package in International Components for Unicode (ICU) for C/C++ before 2014-12-03, as used in Google Chrome before 40.0.2214.91, calculates certain values without ensuring that they can be represented in a 24-bit field, which allows remote attackers to cau
- affected < 4.0-47.6.1fixed 4.0-47.6.1
International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function.
- affected < 4.0-47.6.1fixed 4.0-47.6.1
International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function.
- affected < 4.0-47.3.2fixed 4.0-47.3.2
Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund.cpp in International Components for Unicode (ICU) before 54.1 for C/C++ allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted uloc_getDi
- affected < 4.0-47.6.1fixed 4.0-47.6.1
The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ does not ensure that there is a '\0' character at the end of a certain temporary array, which allows remote attackers to cause a denial of service (out