Executive Summary



This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry.
Summary

Title: ICU Project ICU4C library contains multiple overflow vulnerabilities

Information

Name: VU#602540
First vendor Publication: 2015-05-04
Vendor: VU-CERT
Last vendor Modification: 2015-05-07
Severity (Vendor): N/A
Revision: M

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Base Score: 7.5
CVSS Impact Score: 6.4
CVSS Exploit Score: 10
Attack Range: Network
Attack Complexity: Low
Authentication: None Required

Detail

Vulnerability Note VU#602540

ICU Project ICU4C library contains multiple overflow vulnerabilities

Original Release date: 04 May 2015 | Last revised: 07 May 2015

Overview

ICU Project ICU4C library, versions 52 through 54, contains a heap-based buffer overflow and an integer overflow.

Description

The ICU Project describes ICU as "a mature, widely used set of C/C++ and Java libraries providing Unicode and Globalization support for software applications."

CWE-122: Heap-based Buffer Overflow - CVE-2014-8146

Multiple out-of-bounds writes may occur in the resolveImplicitLevels function of ubidi.c in affected versions of ICU4C.

CWE-190: Integer Overflow or Wraparound - CVE-2014-8147

An integer overflow may occur in the resolveImplicitLevels function of ubidi.c in affected versions of ICU4C due to the assignment of an int32 value to an int16 type.

Both issues may lead to denial of service and the possibility of code execution. For more details, refer to Pedro Ribeiro's disclosure.

Impact

An attacker may be able to provide input that triggers one or both overflow vulnerabilities, leading to denial of service and the possibility of code execution.

Solution

Apply an update

These issues have been addressed in ICU4C version 55.1. Developers are encouraged to update applications that make use of affected versions of ICU4C. Users of affected products should check with product vendors for updates that utilize a patched version of ICU4C.

Vendor Information

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| FreeBSD Project | Affected | 30 Apr 2015 | 01 May 2015 |
| ICU Project | Affected | 24 Apr 2015 | 04 May 2015 |
| SAP | Not Affected | 30 Apr 2015 | 07 May 2015 |
| Adobe | Unknown | 30 Apr 2015 | 30 Apr 2015 |
| Amazon | Unknown | 30 Apr 2015 | 30 Apr 2015 |
| Apache HTTP Server Project | Unknown | 30 Apr 2015 | 30 Apr 2015 |
| Apple | Unknown | 30 Apr 2015 | 30 Apr 2015 |
| Avaya, Inc. | Unknown | 30 Apr 2015 | 30 Apr 2015 |
| BAE Systems | Unknown | 30 Apr 2015 | 30 Apr 2015 |
| Business Objects | Unknown | 30 Apr 2015 | 30 Apr 2015 |
| Debian GNU/Linux | Unknown | 30 Apr 2015 | 30 Apr 2015 |
| Dell Computer Corporation, Inc. | Unknown | 30 Apr 2015 | 30 Apr 2015 |
| eBay | Unknown | 30 Apr 2015 | 30 Apr 2015 |
| Eclipse Foundation Inc | Unknown | 30 Apr 2015 | 30 Apr 2015 |
| EMC Corporation | Unknown | 30 Apr 2015 | 30 Apr 2015 |

CVSS Metrics

| Group | Score | Vector |
|---|---|---|
| Base | 4.4 | AV:L/AC:M/Au:N/C:P/I:P/A:P |
| Temporal | 3.4 | E:POC/RL:OF/RC:C |
| Environmental | 3.4 | CDP:N/TD:H/CR:ND/IR:ND/AR:ND |

References

  • http://site.icu-project.org/
  • http://site.icu-project.org/download/55
  • http://site.icu-project.org/#TOC-Who-Uses-ICU-
  • https://cwe.mitre.org/data/definitions/122.html
  • https://cwe.mitre.org/data/definitions/190.html
  • https://raw.githubusercontent.com/pedrib/PoC/master/generic/i-c-u-fail.txt

Credit

Thanks to Pedro Ribeiro (pedrib@gmail.com) of Agile Information Security for reporting this vulnerability.

This document was written by Joel Land.

Other Information

  • CVE IDs: CVE-2014-8146, CVE-2014-8147
  • Date Public: 04 May 2015
  • Date First Published: 04 May 2015
  • Date Last Updated: 07 May 2015
  • Document Revision: 22

Original Source

Url : http://www.kb.cert.org/vuls/id/602540

CWE : Common Weakness Enumeration

| % | Id | Name |
|---|---|---|
| 50 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
| 50 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |

CPE : Common Platform Enumeration

Type Description Count
Application 300
Application 2
Application 1
Application 1
Os 149
Os 102
Os 3

Information Assurance Vulnerability Management (IAVM)

Date Description
2015-09-24 IAVM : 2015-A-0222 - Multiple Security Vulnerabilities in Apple iOS
Severity : Category I - VMSKEY : V0061471

Nessus® Vulnerability Scanner

Date Description
2017-09-06 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2017-1011.nasl - Type : ACT_GATHER_INFO
2017-09-01 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2017-2318-1.nasl - Type : ACT_GATHER_INFO
2016-02-29 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-273.nasl - Type : ACT_GATHER_INFO
2016-02-04 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-0324-1.nasl - Type : ACT_GATHER_INFO
2015-12-29 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2015-953.nasl - Type : ACT_GATHER_INFO
2015-11-05 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-1915-1.nasl - Type : ACT_GATHER_INFO
2015-10-26 Name : The remote host contains an application that is affected by multiple vulnerab...
File : itunes_12_3_0_banner.nasl - Type : ACT_GATHER_INFO
2015-10-05 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_10_11.nasl - Type : ACT_GATHER_INFO
2015-09-18 Name : The remote host contains an application that is affected by multiple vulnerab...
File : itunes_12_3_0.nasl - Type : ACT_GATHER_INFO
2015-08-03 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3323.nasl - Type : ACT_GATHER_INFO
2015-07-08 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201507-04.nasl - Type : ACT_GATHER_INFO
2015-05-12 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2605-1.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2015-05-26 21:30:13
  • Multiple Updates
2015-05-26 05:29:10
  • Multiple Updates
2015-05-07 17:24:09
  • Multiple Updates
2015-05-06 00:25:41
  • Multiple Updates
2015-05-05 00:24:49
  • First insertion