CVE-2011-4599


Description

Stack-based buffer overflow in the _canonicalize function in common/uloc.c in International Components for Unicode (ICU) before 49.1 allows remote attackers to execute arbitrary code via a crafted locale ID that is not properly handled during variant canonicalization.
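The bug class behind this description, as an added illustration that is not ICU's code and not the fix from the referenced ICU ticket: a simplified locale-ID canonicalizer that upper-cases the variant portion of `lang_COUNTRY_VARIANT[@keywords]` into a fixed-size stack buffer. The grammar, the 16-byte buffer, the status enum and every function name are assumptions made for this example. The unsafe routine shows the pattern (copy loop with no bound on the destination); the safe routine measures first and only writes when the result fits, returning the required length so the caller can retry, in the style of ICU's preflighting APIs.

```c
/* Added illustration of the CVE-2011-4599 bug class: canonicalizing the
 * variant part of a locale ID into a fixed-size stack buffer. Not ICU's code.
 * The locale grammar (lang_COUNTRY_VARIANT[@keywords]), the 16-byte buffer,
 * the status enum and all function names are assumptions for this example. */
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define VARIANT_CAP 16  /* hypothetical stack buffer size, small on purpose */

typedef enum { CANON_OK = 0, CANON_BUFFER_OVERFLOW = 1 } canon_status;

/* Pointer to the variant (text after the second '_'), or NULL if there is
 * none. Anything after '@' is keyword data, never part of the variant. */
static const char *variant_start(const char *loc)
{
    const char *at = strchr(loc, '@');
    const char *p = strchr(loc, '_');
    if (p) p = strchr(p + 1, '_');
    if (!p || (at && p > at)) return NULL;
    return p + 1;
}

/* UNSAFE: the pattern behind the CVE. The variant is upper-cased into a fixed
 * stack buffer with no check on its length, so a locale ID whose variant is
 * longer than VARIANT_CAP-1 bytes writes past the end of tmp (undefined
 * behaviour). Shown only for contrast; main() never gives it long input. */
static void canonicalize_variant_unsafe(const char *loc, char *out)
{
    char tmp[VARIANT_CAP];
    const char *v = variant_start(loc);
    size_t i = 0;
    if (v)
        for (; v[i] && v[i] != '@'; i++)            /* i is never bounded */
            tmp[i] = (char)toupper((unsigned char)v[i]);
    tmp[i] = '\0';
    strcpy(out, tmp);
}

/* SAFE: measure first, write only if the result plus its NUL fit in cap bytes.
 * The required length (excluding NUL) is always returned, so a caller that
 * sees CANON_BUFFER_OVERFLOW can retry with a larger buffer. */
static size_t canonicalize_variant(const char *loc, char *out, size_t cap,
                                   canon_status *st)
{
    const char *v = variant_start(loc);
    size_t n = 0;

    *st = CANON_OK;
    if (v)
        while (v[n] && v[n] != '@') n++;

    if (n + 1 > cap) {
        *st = CANON_BUFFER_OVERFLOW;
        if (cap) out[0] = '\0';
        return n;
    }
    for (size_t i = 0; i < n; i++)
        out[i] = (char)toupper((unsigned char)v[i]);
    out[n] = '\0';
    return n;
}

int main(void)
{
    /* Constructed sample locale IDs, not taken from the advisory. */
    const char *ok_loc = "de_DE_preeuro";
    const char *long_loc = "en_US_this_variant_is_too_long@calendar=gregorian";
    char buf[VARIANT_CAP];
    canon_status st;
    size_t need;

    canonicalize_variant_unsafe(ok_loc, buf);          /* fits: "PREEURO" */
    printf("unsafe, short variant : %s\n", buf);

    need = canonicalize_variant(ok_loc, buf, sizeof buf, &st);
    printf("safe,   short variant : status=%d need=%zu out=%s\n", st, need, buf);

    need = canonicalize_variant(long_loc, buf, sizeof buf, &st);
    printf("safe,   long variant  : status=%d need=%zu (buffer holds %zu)\n",
           st, need, sizeof buf - 1);
    return 0;
}
```

The fix pattern is the part worth keeping in mind when reviewing string-handling code of this shape: the destination capacity is a parameter, the length is computed before any byte is written, and the overflow case is a reported status rather than a silent truncation or an out-of-bounds write.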

References

http://bugs.icu-project.org/trac/ticket/8984

http://code.google.com/p/chromium/issues/detail?id=106441

http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html

http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html

http://lists.opensuse.org/opensuse-updates/2012-01/msg00035.html

http://rhn.redhat.com/errata/RHSA-2011-1815.html

http://secunia.com/advisories/47146

http://secunia.com/advisories/47227

http://secunia.com/advisories/47674

http://secunia.com/advisories/47714

http://secunia.com/advisories/47775

http://support.apple.com/kb/HT5501

http://support.apple.com/kb/HT5503

http://ubuntu.com/usn/usn-1348-1

http://www.debian.org/security/2012/dsa-2397

http://www.mandriva.com/security/advisories?name=MDVSA-2011:194

http://www.openwall.com/lists/oss-security/2011/12/09/2

http://www.openwall.com/lists/oss-security/2011/12/09/5

http://www.osvdb.org/77698

http://www.securityfocus.com/bid/51006

https://exchange.xforce.ibmcloud.com/vulnerabilities/71726

Details

Source: MITRE

Published: 2012-06-21

Updated: 2018-01-24

Type: CWE-119

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH
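The three scores above follow from the vector string by the published CVSS v2 equations. As an added example (not Tenable's or NVD's code), the following parses a CVSS v2 base vector in any metric order, applies the standard weights, and maps the base score to NVD's qualitative band; the struct, function names and strictness rules (base metrics only, each exactly once) are this example's own choices.

```c
/* Added example: derive the CVSS v2 impact, exploitability and base scores
 * (and NVD's severity band) from a vector string like the one in the Risk
 * Information section. Equations and weights are the published CVSS v2 ones;
 * the parsing code, struct and function names are this example's own, not
 * Tenable's or NVD's. */
#include <stdio.h>
#include <string.h>

typedef struct { double base, impact, exploitability; } cvss2_scores;

/* Weight of one metric value, or -1.0 for an unknown metric/value pair. */
static double cvss2_weight(const char *metric, char v)
{
    if (!strcmp(metric, "AV")) return v == 'L' ? 0.395 : v == 'A' ? 0.646 : v == 'N' ? 1.0   : -1.0;
    if (!strcmp(metric, "AC")) return v == 'H' ? 0.35  : v == 'M' ? 0.61  : v == 'L' ? 0.71  : -1.0;
    if (!strcmp(metric, "Au")) return v == 'M' ? 0.45  : v == 'S' ? 0.56  : v == 'N' ? 0.704 : -1.0;
    if (!strcmp(metric, "C") || !strcmp(metric, "I") || !strcmp(metric, "A"))
        return v == 'N' ? 0.0 : v == 'P' ? 0.275 : v == 'C' ? 0.660 : -1.0;
    return -1.0;
}

/* Round a non-negative score to one decimal without pulling in libm. */
static double round1(double x) { return (double)(long)(x * 10.0 + 0.5) / 10.0; }

/* Parse "AV:x/AC:x/Au:x/C:x/I:x/A:x" in any order (base metrics only).
 * Returns 0 and fills *out, or -1 if a metric is missing, repeated, unknown
 * or carries an unknown value. */
static int cvss2_score(const char *vector, cvss2_scores *out)
{
    static const char *names[6] = { "AV", "AC", "Au", "C", "I", "A" };
    double w[6] = { 0 };
    int seen[6] = { 0 };
    const char *p = vector;

    while (*p) {
        const char *end = strchr(p, '/');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        int matched = 0;
        if (len < 3 || p[len - 2] != ':') return -1;      /* token must be NAME:V */
        for (int i = 0; i < 6; i++) {
            if (strlen(names[i]) == len - 2 && !strncmp(p, names[i], len - 2)) {
                if (seen[i]) return -1;
                w[i] = cvss2_weight(names[i], p[len - 1]);
                if (w[i] < 0.0) return -1;
                seen[i] = matched = 1;
            }
        }
        if (!matched) return -1;
        p = end ? end + 1 : p + len;
    }
    for (int i = 0; i < 6; i++)
        if (!seen[i]) return -1;

    double impact = 10.41 * (1.0 - (1.0 - w[3]) * (1.0 - w[4]) * (1.0 - w[5]));
    double expl   = 20.0 * w[0] * w[1] * w[2];
    double f      = impact == 0.0 ? 0.0 : 1.176;           /* f(Impact) */
    out->impact = round1(impact);
    out->exploitability = round1(expl);
    out->base = round1((0.6 * impact + 0.4 * expl - 1.5) * f);
    return 0;
}

/* NVD's qualitative bands for CVSS v2 base scores. */
static const char *cvss2_severity(double base)
{
    return base >= 7.0 ? "HIGH" : base >= 4.0 ? "MEDIUM" : "LOW";
}

int main(void)
{
    cvss2_scores s;
    const char *vec = "AV:N/AC:L/Au:N/C:P/I:P/A:P";   /* the vector on this page */
    if (cvss2_score(vec, &s) != 0) { puts("malformed vector"); return 1; }
    printf("%s\n  impact=%.1f exploitability=%.1f base=%.1f severity=%s\n",
           vec, s.impact, s.exploitability, s.base, cvss2_severity(s.base));
    return 0;
}
```

For the vector on this page the unrounded values are roughly 6.443 (impact), 9.997 (exploitability) and 7.485 (base), which round to the 6.4, 10 and 7.5 shown above; the 1.176 factor applies because impact is non-zero.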

Tenable Plugins

23 plugins:

ID    | Name                                                                                                 | Product                | Family                                 | Severity
80641 | Oracle Solaris Third-Party Patch Update : icu (multiple_vulnerabilities_in_international_components) | Nessus                 | Solaris Local Security Checks          | high
75866 | openSUSE Security Update : icu (openSUSE-SU-2012:0100-1)                                             | Nessus                 | SuSE Local Security Checks             | high
75530 | openSUSE Security Update : icu (openSUSE-SU-2012:0100-1)                                             | Nessus                 | SuSE Local Security Checks             | high
69640 | Amazon Linux AMI : icu (ALAS-2012-33)                                                                | Nessus                 | Amazon Linux Local Security Checks     | high
68406 | Oracle Linux 5 / 6 : icu (ELSA-2011-1815)                                                            | Nessus                 | Oracle Linux Local Security Checks     | high
64157 | SuSE 11.2 Security Update : icu (SAT Patch Number 7204)                                              | Nessus                 | SuSE Local Security Checks             | high
62357 | Apple TV < 5.1 Multiple Vulnerabilities                                                              | Nessus                 | Gain a shell remotely                  | high
62288 | GLSA-201209-07 : International Components for Unicode: User-assisted execution of arbitrary code     | Nessus                 | Gentoo Local Security Checks           | high
6589  | Apple iOS < 6.0 Multiple Vulnerabilities                                                             | Nessus Network Monitor | Mobile Devices                         | high
62242 | Apple iOS < 6.0 Multiple Vulnerabilities                                                             | Nessus                 | Mobile Devices                         | critical
6583  | Mac OS X 10.7 < 10.7.5 Multiple Vulnerabilities                                                      | Nessus Network Monitor | Generic                                | critical
62214 | Mac OS X 10.7.x < 10.7.5 Multiple Vulnerabilities (BEAST)                                            | Nessus                 | MacOS X Local Security Checks          | critical
62213 | Mac OS X Multiple Vulnerabilities (Security Update 2012-004) (BEAST)                                 | Nessus                 | MacOS X Local Security Checks          | critical
61205 | Scientific Linux Security Update : icu on SL5.x, SL6.x i386/x86_64                                   | Nessus                 | Scientific Linux Local Security Checks | high
58577 | SuSE 10 Security Update : LibreOffice (ZYPP Patch Number 8022)                                       | Nessus                 | SuSE Local Security Checks             | high
57737 | Debian DSA-2397-1 : icu - buffer underflow                                                           | Nessus                 | Debian Local Security Checks           | high
57706 | Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : icu vulnerability (USN-1348-1)                            | Nessus                 | Ubuntu Local Security Checks           | high
57613 | SuSE 11.1 Security Update : icu (SAT Patch Number 5653)                                              | Nessus                 | SuSE Local Security Checks             | high
57407 | Mandriva Linux Security Advisory : icu (MDVSA-2011:194)                                              | Nessus                 | Mandriva Local Security Checks         | high
57388 | Fedora 15 : icu-4.4.2-9.fc15 (2011-17119)                                                            | Nessus                 | Fedora Local Security Checks           | high
57386 | Fedora 16 : icu-4.6-3.fc16 (2011-17101)                                                              | Nessus                 | Fedora Local Security Checks           | high
57296 | RHEL 5 / 6 : icu (RHSA-2011:1815)                                                                    | Nessus                 | Red Hat Local Security Checks          | high
57291 | CentOS 5 / 6 : icu (CESA-2011:1815)                                                                  | Nessus                 | CentOS Local Security Checks           | high