6.5

CVE-2017-15396

A stack buffer overflow in NumberingSystem in International Components for Unicode (ICU) for C/C++ before 60.2, as used in V8 in Google Chrome prior to 62.0.3202.75 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleChrome Version < 62.0.3202.75
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
Icu-projectInternational Components For Unicode SwPlatformc/c++ Version < 60.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.2% 0.802
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

https://www.debian.org/security/2017/dsa-4020
http://bugs.icu-project.org/trac/changeset/40494
http://www.securityfocus.com/bid/101597
https://access.redhat.com/errata/RHSA-2017:3082
https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop_26.html
https://crbug.com/770452
https://security.gentoo.org/glsa/201711-02