7.5
CVE-2014-8146
- EPSS 24.47%
- Veröffentlicht 25.05.2015 22:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 24.47% | 0.976 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html
https://support.apple.com/HT205221
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
https://support.apple.com/HT205212
https://support.apple.com/HT205213
https://support.apple.com/HT205267
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
http://www.debian.org/security/2015/dsa-3323
http://bugs.icu-project.org/trac/changeset/37162
http://openwall.com/lists/oss-security/2015/05/05/6
http://seclists.org/fulldisclosure/2015/May/14
http://www.kb.cert.org/vuls/id/602540
http://www.securityfocus.com/bid/74457
https://raw.githubusercontent.com/pedrib/PoC/master/generic/i-c-u-fail.txt
https://security.gentoo.org/glsa/201507-04