Information Security


CVE: CVE-2014-8147
Status: UNKNOWN
Description: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text.
Severity: High
CVSS score: 7.5
CVSS vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Phase: ASSIGNED (09.10.2015)
NVD: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8147
References: CONFIRM : http://bugs.icu-project.org/trac/changeset/37080
 MISC : https://raw.githubusercontent.com/pedrib/PoC/maste...
 CERT-VN : VU#602540
 MLIST : [oss-security] 20150505 [CVE-2014-8146/8147] - ICU heap and integer overflows / I-C-U-FAIL
SecurityVulns: Security vulnerabilities in libicu
 Multiple security vulnerabilities in Apple Mac OS X / Mac EFI / OS X Server
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod