Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-7940

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2014-7940
Last Modified 06 Apr 2015 09:59:48
Published 22 Jan 2015 05:59:20
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-7940

Summary

The collator implementation in i18n/ucol.cpp in International Components for Unicode (ICU) 52 through SVN revision 293126, as used in Google Chrome before 40.0.2214.91, does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted character sequence.

Vulnerable Systems

Application

  • Google Chrome 40.0.2214.85

  • Icu Project International Components For Unicode 52


References

CONFIRM - https://code.google.com/p/chromium/issues/detail?id=433866

CONFIRM - https://chromium.googlesource.com/chromium/src.git/+/87feb77547781a22b31c423bc0d57b7dca32d5b8

CONFIRM - https://chromium.googlesource.com/chromium/deps/icu/+/866ff696e9022a6000afbab516fba62cfa306075

CONFIRM - http://googlechromereleases.blogspot.com/2015/01/stable-update.html

SECUNIA - 62575

GENTOO - GLSA-201502-13

UBUNTU - USN-2476-1

REDHAT - RHSA-2015:0093

BID - 72288

SUSE - openSUSE-SU-2015:0441

CONFIRM - http://advisories.mageia.org/MGASA-2015-0047.html


Last Updated: 27 May 2016 11:08:02