CVE-2014-9654HIGH
Description
The Regular Expressions package in International Components for Unicode (ICU) for C/C++ before 2014-12-03, as used in Google Chrome before 40.0.2214.91, calculates certain values without ensuring that they can be represented in a 24-bit field, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted string, a related issue to CVE-2014-7923.
References
http://bugs.icu-project.org/trac/changeset/36801
http://bugs.icu-project.org/trac/ticket/11371
http://openwall.com/lists/oss-security/2015/02/05/15
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://www.securitytracker.com/id/1035410
https://chromium.googlesource.com/chromium/deps/icu/+/dd727641e190d60e4593bcb3a35c7f51eb4925c5
https://code.google.com/p/chromium/issues/detail?id=432209
https://security.gentoo.org/glsa/201503-06
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Details
Source: MITRE
Published: 2017-04-24
Updated: 2019-04-23
Type: CWE-119
Risk Information
CVSS v2.0
Base Score: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 10
Severity: HIGH
CVSS v3.0
Base Score: 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 3.9
Severity: CRITICAL
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* versions up to 40.0.2214.85 (inclusive)
Configuration 2
OR
cpe:2.3:a:icu-project:international_components_for_unicode:*:*:*:*:*:c\/c\+\+:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 135616 | EulerOS Virtualization 3.0.2.2 : icu (EulerOS-SA-2020-1454) | Nessus | Huawei Local Security Checks | critical |
| 134550 | EulerOS Virtualization for ARM 64 3.0.2.0 : icu (EulerOS-SA-2020-1261) | Nessus | Huawei Local Security Checks | high |
| 132129 | EulerOS 2.0 SP3 : icu (EulerOS-SA-2019-2594) | Nessus | Huawei Local Security Checks | critical |
| 131882 | EulerOS 2.0 SP2 : icu (EulerOS-SA-2019-2390) | Nessus | Huawei Local Security Checks | critical |
| 129126 | EulerOS 2.0 SP5 : icu (EulerOS-SA-2019-1969) | Nessus | Huawei Local Security Checks | critical |
| 90595 | SUSE SLES11 Security Update : icu (SUSE-SU-2016:1090-1) | Nessus | SuSE Local Security Checks | high |
| 86538 | SUSE SLED11 / SLES11 Security Update : icu (SUSE-SU-2015:1790-1) | Nessus | SuSE Local Security Checks | high |
| 86376 | Fedora 22 : icu-54.1-4.fc22 (2015-16314) | Nessus | Fedora Local Security Checks | high |
| 86111 | Fedora 23 : icu-54.1-5.fc23 (2015-16315) | Nessus | Fedora Local Security Checks | high |
| 84427 | SUSE SLED11 / SLES11 Security Update : icu (SUSE-SU-2015:1144-1) | Nessus | SuSE Local Security Checks | high |
| 83694 | SUSE SLED12 / SLES12 Security Update : icu (SUSE-SU-2015:0458-1) | Nessus | SuSE Local Security Checks | high |
| 83476 | Debian DLA-219-1 : icu security update | Nessus | Debian Local Security Checks | critical |
| 83123 | Fedora 21 : icu-52.1-6.fc21 (2015-6087) | Nessus | Fedora Local Security Checks | high |
| 83122 | Fedora 20 : icu-50.1.2-12.fc20 (2015-6084) | Nessus | Fedora Local Security Checks | high |
| 82005 | GLSA-201503-06 : ICU: Multiple Vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 81831 | Debian DSA-3187-1 : icu - security update | Nessus | Debian Local Security Checks | critical |
| 81754 | Ubuntu 12.04 LTS : icu vulnerabilities (USN-2522-3) | Nessus | Ubuntu Local Security Checks | critical |
| 81698 | Ubuntu 12.04 LTS : icu regression (USN-2522-2) | Nessus | Ubuntu Local Security Checks | critical |
| 81668 | Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : icu vulnerabilities (USN-2522-1) | Nessus | Ubuntu Local Security Checks | critical |