CVE-2014-7923

HIGH

Description

The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a look-behind expression.

References

http://advisories.mageia.org/MGASA-2015-0047.html

http://bugs.icu-project.org/trac/ticket/11370

http://googlechromereleases.blogspot.com/2015/01/stable-update.html

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html

http://rhn.redhat.com/errata/RHSA-2015-0093.html

http://secunia.com/advisories/62383

http://secunia.com/advisories/62575

http://secunia.com/advisories/62665

http://security.gentoo.org/glsa/glsa-201502-13.xml

http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

http://www.securityfocus.com/bid/72288

http://www.securitytracker.com/id/1031623

http://www.ubuntu.com/usn/USN-2476-1

https://chromium.googlesource.com/chromium/deps/icu52/+/3af4ce5982311035e5f36803d547c0befa576c8c

https://chromium.googlesource.com/chromium/deps/icu52/+/6242e2fbb36f486f2c0addd1c3cef67fc4ed33fb

https://code.google.com/p/chromium/issues/detail?id=430353

https://codereview.chromium.org/726973003

https://security.gentoo.org/glsa/201503-06

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Details

Source: MITRE

Published: 2015-01-22

Updated: 2019-04-23

Type: CWE-17

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 135616 | EulerOS Virtualization 3.0.2.2 : icu (EulerOS-SA-2020-1454) | Nessus | Huawei Local Security Checks | critical |
| 134550 | EulerOS Virtualization for ARM 64 3.0.2.0 : icu (EulerOS-SA-2020-1261) | Nessus | Huawei Local Security Checks | critical |
| 132129 | EulerOS 2.0 SP3 : icu (EulerOS-SA-2019-2594) | Nessus | Huawei Local Security Checks | critical |
| 131882 | EulerOS 2.0 SP2 : icu (EulerOS-SA-2019-2390) | Nessus | Huawei Local Security Checks | critical |
| 130868 | EulerOS 2.0 SP5 : icu (EulerOS-SA-2019-2159) | Nessus | Huawei Local Security Checks | high |
| 86376 | Fedora 22 : icu-54.1-4.fc22 (2015-16314) | Nessus | Fedora Local Security Checks | critical |
| 86111 | Fedora 23 : icu-54.1-5.fc23 (2015-16315) | Nessus | Fedora Local Security Checks | critical |
| 83476 | Debian DLA-219-1 : icu security update | Nessus | Debian Local Security Checks | critical |
| 83123 | Fedora 21 : icu-52.1-6.fc21 (2015-6087) | Nessus | Fedora Local Security Checks | critical |
| 83122 | Fedora 20 : icu-50.1.2-12.fc20 (2015-6084) | Nessus | Fedora Local Security Checks | critical |
| 82414 | Mandriva Linux Security Advisory : icu (MDVSA-2015:161-1) | Nessus | Mandriva Local Security Checks | high |
| 82005 | GLSA-201503-06 : ICU: Multiple Vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 81831 | Debian DSA-3187-1 : icu - security update | Nessus | Debian Local Security Checks | critical |
| 81754 | Ubuntu 12.04 LTS : icu vulnerabilities (USN-2522-3) | Nessus | Ubuntu Local Security Checks | critical |
| 81698 | Ubuntu 12.04 LTS : icu regression (USN-2522-2) | Nessus | Ubuntu Local Security Checks | critical |
| 81692 | openSUSE Security Update : chromium (openSUSE-2015-204) | Nessus | SuSE Local Security Checks | high |
| 81668 | Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : icu vulnerabilities (USN-2522-1) | Nessus | Ubuntu Local Security Checks | critical |
| 81396 | GLSA-201502-13 : Chromium: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 8889 | Google Chrome < 40.0.2214.91 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
| 81035 | RHEL 6 : chromium-browser (RHSA-2015:0093) | Nessus | Red Hat Local Security Checks | high |
| 81016 | Ubuntu 14.04 LTS / 14.10 : oxide-qt vulnerabilities (USN-2476-1) | Nessus | Ubuntu Local Security Checks | high |
| 80951 | Google Chrome < 40.0.2214.91 Multiple Vulnerabilities | Nessus | Windows | high |
| 80950 | Google Chrome < 40.0.2214.91 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | high |
| 80898 | FreeBSD : chromium -- multiple vulnerabilities (e30e0c99-a1b7-11e4-b85c-00262d5ed8ee) | Nessus | FreeBSD Local Security Checks | high |