Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 9.3
CVE Id: CVE-2007-4771
Last Modified: 07 Mar 2011 09:59:09
Published: 28 Jan 2008 07:00:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2007-4771

Summary

Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have unspecified other impact via a regular expression that writes a large amount of data to the backtracking stack. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • ICU Project International Components for Unicode 3.8.1


References

BID - 27455

MLIST - [icu-support] 20080122 ICU Patch for bugs in Regular Expressions

FEDORA - FEDORA-2008-1076

FEDORA - FEDORA-2008-1036

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=429025

XF - libicu-dointerval-bo(39936)

VUPEN - ADV-2008-1375

VUPEN - ADV-2008-0807

VUPEN - ADV-2008-0282

MANDRIVA - MDVSA-2008:026

SECTRACK - 1019269

GENTOO - GLSA-200805-16

SECUNIA - 30179

SECUNIA - 28669

SECUNIA - 28615

SECUNIA - 28575

REDHAT - RHSA-2008:0090

CONFIRM - https://issues.rpath.com/browse/RPL-2199

UBUNTU - USN-591-1

BUGTRAQ - 20080206 rPSA-2008-0043-1 icu

CONFIRM - http://www.openoffice.org/security/cves/CVE-2007-5745.html

CONFIRM - http://www.openoffice.org/security/cves/CVE-2007-4770.html

SUSE - SUSE-SA:2008:023

DEBIAN - DSA-1511

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0043

SUNALERT - 233922

SUNALERT - 231641

GENTOO - GLSA-200803-20

SECUNIA - 29987

SECUNIA - 29910

SECUNIA - 29852

SECUNIA - 29333

SECUNIA - 29294

SECUNIA - 29291

SECUNIA - 29242

SECUNIA - 29194

SECUNIA - 28783

SUSE - SUSE-SR:2008:005

Related Patches

Novell SUSE 2008:5014 icu security update for SLE 10 SP1 i586


Last Updated: 27 May 2016 10:45:58