Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-7926

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2014-7926
Last Modified 06 Apr 2015 09:59:47
Published 22 Jan 2015 05:59:07
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-7926

Summary

The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a (1) zero-length quantifier or (2) look-behind expression, a different vulnerability than CVE-2014-7923.

Vulnerable Systems

Application

  • Google Chrome 40.0.2214.85

  • Icu Project International Components For Unicode 52


References

CONFIRM - https://codereview.chromium.org/726973003

CONFIRM - https://code.google.com/p/chromium/issues/detail?id=422824

CONFIRM - https://chromium.googlesource.com/chromium/deps/icu52/+/6242e2fbb36f486f2c0addd1c3cef67fc4ed33fb

CONFIRM - https://chromium.googlesource.com/chromium/deps/icu52/+/3af4ce5982311035e5f36803d547c0befa576c8c

CONFIRM - http://googlechromereleases.blogspot.com/2015/01/stable-update.html

CONFIRM - http://bugs.icu-project.org/trac/ticket/11370

CONFIRM - http://bugs.icu-project.org/trac/ticket/11369

SECUNIA - 62575

GENTOO - GLSA-201502-13

UBUNTU - USN-2476-1

REDHAT - RHSA-2015:0093

BID - 72288

SUSE - openSUSE-SU-2015:0441

CONFIRM - http://advisories.mageia.org/MGASA-2015-0047.html


Last Updated: 27 May 2016 11:08:02