http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp

http://www.sourcebrella.com/blog/double-free-vulnerability-international-components-unicode-icu/

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

An update of the icu package has been released.

According to the versions of the icu package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - Double free in i18n/zonemeta.cpp in International     Components for Unicode (ICU) for C/C++ through 59.1     allows remote attackers to execute arbitrary code via a     crafted string, aka a 'redundant UVector entry clean up     function call' issue.(CVE-2017-14952)

  - Stack-based buffer overflow in the     ures_getByKeyWithFallback function in     common/uresbund.cpp in International Components for     Unicode (ICU) before 54.1 for C/C++ allows remote     attackers to cause a denial of service or possibly have     unspecified other impact via a crafted     uloc_getDisplayName call.(CVE-2014-9911)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

icu was updated to fix two security issues.

These security issues were fixed :

CVE-2014-8147: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) used an integer data type that is inconsistent with a header file, which allowed remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text (bsc#929629).

CVE-2014-8146: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) did not properly track directionally isolated pieces of text, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text (bsc#929629).

CVE-2016-6293: The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) for C/C++ did not ensure that there is a '\0' character at the end of a certain temporary array, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument (bsc#990636).

CVE-2017-7868: International Components for Unicode (ICU) for C/C++ 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function (bsc#1034674)

CVE-2017-7867: International Components for Unicode (ICU) for C/C++ 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function (bsc#1034678)

CVE-2017-14952: Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ allowed remote attackers to execute arbitrary code via a crafted string, aka a 'redundant UVector entry clean up function call' issue (bnc#1067203)

CVE-2017-17484: The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ mishandled ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allowed remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC (bnc#1072193)

CVE-2017-15422: An integer overflow in icu during persian calendar date processing could lead to incorrect years shown (bnc#1077999)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for icu fixes the following issues :

  - CVE-2016-6293: The uloc_acceptLanguageFromHTTP function     in common/uloc.cpp did not ensure that there is a '\0'     character at the end of a certain temporary array, which     allows remote attackers to cause a denial of service     (out-of-bounds read) or possibly have unspecified other     impact via a call with a long httpAcceptLanguage     argument. (bsc#990636)

  - CVE-2017-7868: ICU had an out-of-bounds write caused by     a heap-based buffer overflow related to the     utf8TextAccess function in common/utext.cpp and the     utext_moveIndex32* function. (bsc#1034674)

  - CVE-2017-7867: ICU had an out-of-bounds write caused by     a heap-based buffer overflow related to the     utf8TextAccess function in common/utext.cpp and the     utext_setNativeIndex* function. (bsc#1034678)

  - CVE-2017-14952: Double free in i18n/zonemeta.cpp allowed     remote attackers to execute arbitrary code via a crafted     string, aka a 'redundant UVector entry clean up function     call' issue. (bsc#1067203)

  - CVE-2017-17484: The ucnv_UTF8FromUTF8 function in     ucnv_u8.cpp mishandled ucnv_convertEx calls for UTF-8 to     UTF-8 conversion, which allows remote attackers to cause     a denial of service (stack-based buffer overflow and     application crash) or possibly have unspecified other     impact via a crafted string, as demonstrated by ZNC.
    (bsc#1072193)

  - CVE-2017-15422: An integer overflow in persian calendar     calculation was fixed, which could show wrong years.
    (bsc#1077999)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

icu was updated to fix two security issues.

These security issues were fixed :

  - CVE-2014-8147: The resolveImplicitLevels function in     common/ubidi.c in the Unicode Bidirectional Algorithm     implementation in ICU4C in International Components for     Unicode (ICU) used an integer data type that is     inconsistent with a header file, which allowed remote     attackers to cause a denial of service (incorrect malloc     followed by invalid free) or possibly execute arbitrary     code via crafted text (bsc#929629).

  - CVE-2014-8146: The resolveImplicitLevels function in     common/ubidi.c in the Unicode Bidirectional Algorithm     implementation in ICU4C in International Components for     Unicode (ICU) did not properly track directionally     isolated pieces of text, which allowed remote attackers     to cause a denial of service (heap-based buffer     overflow) or possibly execute arbitrary code via crafted     text (bsc#929629).

  - CVE-2016-6293: The uloc_acceptLanguageFromHTTP function     in common/uloc.cpp in International Components for     Unicode (ICU) for C/C++ did not ensure that there is a     '\0' character at the end of a certain temporary array,     which allowed remote attackers to cause a denial of     service (out-of-bounds read) or possibly have     unspecified other impact via a call with a long     httpAcceptLanguage argument (bsc#990636).

  - CVE-2017-7868: International Components for Unicode     (ICU) for C/C++ 2017-02-13 has an out-of-bounds write     caused by a heap-based buffer overflow related to the     utf8TextAccess function in common/utext.cpp and the     utext_moveIndex32* function (bsc#1034674)

  - CVE-2017-7867: International Components for Unicode     (ICU) for C/C++ 2017-02-13 has an out-of-bounds write     caused by a heap-based buffer overflow related to the     utf8TextAccess function in common/utext.cpp and the     utext_setNativeIndex* function (bsc#1034678)

  - CVE-2017-14952: Double free in i18n/zonemeta.cpp in     International Components for Unicode (ICU) for C/C++     allowed remote attackers to execute arbitrary code via a     crafted string, aka a 'redundant UVector entry clean up     function call' issue (bnc#1067203)

  - CVE-2017-17484: The ucnv_UTF8FromUTF8 function in     ucnv_u8.cpp in International Components for Unicode     (ICU) for C/C++ mishandled ucnv_convertEx calls for     UTF-8 to UTF-8 conversion, which allowed remote     attackers to cause a denial of service (stack-based     buffer overflow and application crash) or possibly have     unspecified other impact via a crafted string, as     demonstrated by ZNC (bnc#1072193)

  - CVE-2017-15422: An integer overflow in icu during     persian calendar date processing could lead to incorrect     years shown (bnc#1077999)

This update was imported from the SUSE:SLE-12:Update update project.

icu was updated to fix two security issues. These security issues were fixed :

  - CVE-2014-8147: The resolveImplicitLevels function in     common/ubidi.c in the Unicode Bidirectional Algorithm     implementation in ICU4C in International Components for     Unicode (ICU) used an integer data type that is     inconsistent with a header file, which allowed remote     attackers to cause a denial of service (incorrect malloc     followed by invalid free) or possibly execute arbitrary     code via crafted text (bsc#929629).

  - CVE-2014-8146: The resolveImplicitLevels function in     common/ubidi.c in the Unicode Bidirectional Algorithm     implementation in ICU4C in International Components for     Unicode (ICU) did not properly track directionally     isolated pieces of text, which allowed remote attackers     to cause a denial of service (heap-based buffer     overflow) or possibly execute arbitrary code via crafted     text (bsc#929629).

  - CVE-2016-6293: The uloc_acceptLanguageFromHTTP function     in common/uloc.cpp in International Components for     Unicode (ICU) for C/C++ did not ensure that there is a     '\0' character at the end of a certain temporary array,     which allowed remote attackers to cause a denial of     service (out-of-bounds read) or possibly have     unspecified other impact via a call with a long     httpAcceptLanguage argument (bsc#990636).

  - CVE-2017-7868: International Components for Unicode     (ICU) for C/C++ 2017-02-13 has an out-of-bounds write     caused by a heap-based buffer overflow related to the     utf8TextAccess function in common/utext.cpp and the     utext_moveIndex32* function (bsc#1034674)

  - CVE-2017-7867: International Components for Unicode     (ICU) for C/C++ 2017-02-13 has an out-of-bounds write     caused by a heap-based buffer overflow related to the     utf8TextAccess function in common/utext.cpp and the     utext_setNativeIndex* function (bsc#1034678)

  - CVE-2017-14952: Double free in i18n/zonemeta.cpp in     International Components for Unicode (ICU) for C/C++     allowed remote attackers to execute arbitrary code via a     crafted string, aka a 'redundant UVector entry clean up     function call' issue (bnc#1067203)

  - CVE-2017-17484: The ucnv_UTF8FromUTF8 function in     ucnv_u8.cpp in International Components for Unicode     (ICU) for C/C++ mishandled ucnv_convertEx calls for     UTF-8 to UTF-8 conversion, which allowed remote     attackers to cause a denial of service (stack-based     buffer overflow and application crash) or possibly have     unspecified other impact via a crafted string, as     demonstrated by ZNC (bnc#1072193)

  - CVE-2017-15422: An integer overflow in icu during     persian calendar date processing could lead to incorrect     years shown (bnc#1077999)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Resolves: rhbz#1510932 CVE-2017-14952

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the version of the icu packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :

  - Double free in i18n/zonemeta.cpp in International     Components for Unicode (ICU) for C/C++ through 59.1     allows remote attackers to execute arbitrary code via a     crafted string, aka a 'redundant UVector entry clean up     function call' issue.(CVE-2017-14952)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the icu packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - Double free in i18n/zonemeta.cpp in International     Components for Unicode (ICU) for C/C++ through 59.1     allows remote attackers to execute arbitrary code via a     crafted string, aka a 'redundant UVector entry clean up     function call' issue.(CVE-2017-14952)

  - The International Components for Unicode (ICU)     libraries provide robust and full-featured Unicode     services on a wide variety of platforms. ICU supports     the most current version of the Unicode standard, and     they provide support for supplementary Unicode     characters (needed for GB 18030 repertoire support). As     computing environments become more heterogeneous,     software portability becomes more important. ICU lets     you produce the same results across all the various     platforms you support, without sacrificing performance.
    It offers great flexibility to extend and customize the     supplied services. Security Fix(es): Stack-based buffer     overflow in the ures_getByKeyWithFallback function in     common/uresbund.cpp in International Components for     Unicode (ICU) before 54.1 for C/C++ allows remote     attackers to cause a denial of service or possibly have     unspecified other impact via a crafted     uloc_getDisplayName call.(CVE-2014-9911)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that ICU incorrectly handled certain inputs. If an application using ICU processed crafted data, a remote attacker could possibly cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
141442	Photon OS 2.0: Icu PHSA-2020-2.0-0288	Nessus	PhotonOS Local Security Checks	critical
124956	EulerOS Virtualization 3.0.1.0 : icu (EulerOS-SA-2019-1453)	Nessus	Huawei Local Security Checks	high
118258	SUSE SLES12 Security Update : icu (SUSE-SU-2018:1401-2)	Nessus	SuSE Local Security Checks	high
110443	SUSE SLES11 Security Update : icu (SUSE-SU-2018:1602-1)	Nessus	SuSE Local Security Checks	high
110107	openSUSE Security Update : icu (openSUSE-2018-517)	Nessus	SuSE Local Security Checks	high
110093	SUSE SLED12 / SLES12 Security Update : icu (SUSE-SU-2018:1401-1)	Nessus	SuSE Local Security Checks	high
105920	Fedora 27 : icu (2017-856e8f657d)	Nessus	Fedora Local Security Checks	high
104924	EulerOS 2.0 SP2 : icu (EulerOS-SA-2017-1306)	Nessus	Huawei Local Security Checks	high
104923	EulerOS 2.0 SP1 : icu (EulerOS-SA-2017-1305)	Nessus	Huawei Local Security Checks	high
104597	Fedora 26 : icu (2017-3c893719f4)	Nessus	Fedora Local Security Checks	high
104119	Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : icu vulnerability (USN-3458-1)	Nessus	Ubuntu Local Security Checks	high

CVE-2017-14952

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins