Skip to main content

International Components For Unicode CVE-2014-9911

CRITICAL
Buffer Overflow (CWE-119)
2017-01-04 cve@mitre.org
9.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jan 04, 2017 - 20:59 cve.org
CRITICAL 9.8

DescriptionCVE.org

Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund.cpp in International Components for Unicode (ICU) before 54.1 for C/C++ allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted uloc_getDisplayName call.

AnalysisAI

Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund.cpp in International Components for Unicode (ICU) before 54.1 for C/C++ allows remote attackers to cause a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund.cpp in International Components for Unicode (ICU) before 54.1 for C/C++ allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted uloc_getDisplayName call. Affected products include: Icu-Project International Components For Unicode. Version information: before 54.1.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2014-8147 HIGH POC
7.5 May 25

The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in I

CVE-2014-8146 HIGH POC
7.5 May 25

The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in I

CVE-2017-17484 CRITICAL POC
9.8 Dec 10

The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 misha

CVE-2016-6293 CRITICAL POC
9.8 Jul 25

The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) through 57.1 f

CVE-2016-7415 CRITICAL POC
9.8 Sep 17

Stack-based buffer overflow in the Locale class in common/locid.cpp in International Components for Unicode (ICU) throug

CVE-2017-14952 CRITICAL
9.8 Oct 16

Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote atta

CVE-2015-5922 CRITICAL
10.0 Oct 09

Unspecified vulnerability in International Components for Unicode (ICU) before 53.1.0, as used in Apple OS X before 10.1

CVE-2014-9654 CRITICAL
9.8 Apr 24

The Regular Expressions package in International Components for Unicode (ICU) for C/C++ before 2014-12-03, as used in Go

CVE-2018-18928 CRITICAL
9.8 Nov 04

International Components for Unicode (ICU) for C/C++ 63.1 has an integer overflow in number::impl::DecimalQuantity::toSc

CVE-2020-10531 HIGH
8.8 Mar 12

An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. Rated high severity (CVSS

CVE-2017-7868 HIGH
7.5 Apr 14

International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based

CVE-2014-7926 HIGH
7.5 Jan 22

The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in

Share

CVE-2014-9911 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy