CVE-2017-15422

MEDIUM

Description

Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

References

https://access.redhat.com/errata/RHSA-2017:3401

https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html

https://crbug.com/774382

https://security.gentoo.org/glsa/201801-03

https://usn.ubuntu.com/3610-1/

https://www.debian.org/security/2018/dsa-4150

Details

Source: MITRE

Published: 2018-08-28

Updated: 2018-11-07

Type: CWE-190

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 2.8

Severity: MEDIUM

Vulnerable Software

ID	Name	Product	Family	Severity
131882	EulerOS 2.0 SP2 : icu (EulerOS-SA-2019-2390)	Nessus	Huawei Local Security Checks	critical
120695	Fedora 28 : chromium (2018-aafdbb5554)	Nessus	Fedora Local Security Checks	medium
118258	SUSE SLES12 Security Update : icu (SUSE-SU-2018:1401-2)	Nessus	SuSE Local Security Checks	high
117531	Fedora 27 : icu (2018-1a85045c79)	Nessus	Fedora Local Security Checks	medium
700351	Google Chrome < 63.0.3239.84 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
110443	SUSE SLES11 Security Update : icu (SUSE-SU-2018:1602-1)	Nessus	SuSE Local Security Checks	high
110107	openSUSE Security Update : icu (openSUSE-2018-517)	Nessus	SuSE Local Security Checks	high
110093	SUSE SLED12 / SLES12 Security Update : icu (SUSE-SU-2018:1401-1)	Nessus	SuSE Local Security Checks	high
108708	Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : icu vulnerability (USN-3610-1)	Nessus	Ubuntu Local Security Checks	medium
108679	Fedora 27 : chromium (2018-faff5f661e)	Nessus	Fedora Local Security Checks	medium
108610	Debian DSA-4150-1 : icu - security update	Nessus	Debian Local Security Checks	medium
107035	Fedora 26 : qt5-qtwebengine (2018-c0d3db441f)	Nessus	Fedora Local Security Checks	medium
106991	Fedora 27 : qt5-qtwebengine (2018-e08d828ed9)	Nessus	Fedora Local Security Checks	medium
106236	FreeBSD : chromium -- multiple vulnerabilities (1d951e85-ffdb-11e7-8b91-e8e0b747a45a)	Nessus	FreeBSD Local Security Checks	medium
105968	Fedora 27 : chromium (2017-c2645aa935)	Nessus	Fedora Local Security Checks	medium
105629	GLSA-201801-03 : Chromium, Google Chrome: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
105501	Fedora 26 : chromium (2017-ea44f172e3)	Nessus	Fedora Local Security Checks	high
105235	openSUSE Security Update : chromium (openSUSE-2017-1349)	Nessus	SuSE Local Security Checks	medium
105153	Google Chrome < 63.0.3239.84 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	medium
105152	Google Chrome < 63.0.3239.84 Multiple Vulnerabilities	Nessus	Windows	medium
105091	RHEL 6 : chromium-browser (RHSA-2017:3401)	Nessus	Red Hat Local Security Checks	medium
105081	macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-002 and 2017-005)	Nessus	MacOS X Local Security Checks	high
105080	macOS 10.13.x < 10.13.2 Multiple Vulnerabilities (Meltdown)	Nessus	MacOS X Local Security Checks	high