{"vuid":"VU#602540","idnumber":"602540","name":"ICU Project ICU4C library contains multiple overflow vulnerabilities","keywords":["integer overflow","heap overflow","icu","icu4c"],"overview":"ICU Project ICU4C library, versions 52 through 54, contains a heap-based buffer overflow and an integer overflow.","clean_desc":"The ICU Project describes ICU as \"a mature, widely used set of C/C++ and Java libraries providing Unicode and Globalization support for software applications.\" CWE-122: Heap-based Buffer Overflow - CVE-2014-8146 Multiple out-of-bounds writes may occur in the resolveImplicitLevels function of ubidi.c in affected versions of ICU4C. CWE-190: Integer Overflow or Wraparound - CVE-2014-8147 An integer overflow may occur in the resolveImplicitLevels function of ubidi.c in affected versions of ICU4C due to the assignment of an int32 value to an int16 type. Both issues may lead to denial of service and the possibility of code execution. For more details, refer to Pedro Ribeiro's disclosure.","impact":"An attacker may be able to provide input that triggers one or both overflow vulnerabilities, leading to denial of service and the possibility of code execution.","resolution":"Apply an update These issues have been addressed in ICU4C version 55.1. Developers are encouraged to update applications that make use of affected versions of ICU4C. Users of affected products should check with product vendors for updates that utilize a patched version of ICU4C.","workarounds":"","sysaffected":"","thanks":"Thanks to Pedro Ribeiro (pedrib@gmail.com) of Agile Information Security for reporting this vulnerability.","author":"This document was written by Joel Land.","public":["http://site.icu-project.org/","http://site.icu-project.org/download/55","http://site.icu-project.org/#TOC-Who-Uses-ICU-","https://cwe.mitre.org/data/definitions/122.html","https://cwe.mitre.org/data/definitions/190.html","https://raw.githubusercontent.com/pedrib/PoC/master/generic/i-c-u-fail.txt"],"cveids":["CVE-2014-8146","CVE-2014-8147"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2015-04-21T13:18:06Z","publicdate":"2015-05-04T00:00:00Z","datefirstpublished":"2015-05-04T19:13:49Z","dateupdated":"2015-08-03T14:03:16Z","revision":25,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"L","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"P","cvss_integrityimpact":"P","cvss_availabilityimpact":"P","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"N","cvss_targetdistribution":"H","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"4.4","cvss_basevector":"AV:L/AC:M/Au:N/C:P/I:P/A:P","cvss_temporalscore":"3.4","cvss_environmentalscore":"3.42799915242645","cvss_environmentalvector":"CDP:N/TD:H/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}