CVE-2017-15422

MEDIUM

Description

Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

References

https://access.redhat.com/errata/RHSA-2017:3401

https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html

https://crbug.com/774382

https://security.gentoo.org/glsa/201801-03

https://usn.ubuntu.com/3610-1/

https://www.debian.org/security/2018/dsa-4150

Details

Source: MITRE

Published: 2018-08-28

Updated: 2018-11-07

Type: CWE-190

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 2.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:icu-project:international_components_for_unicode:*:*:*:*:*:c\/c\+\+:*:*

Configuration 3

OR

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*

Configuration 5

OR

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Tenable Plugins

View all (27 total)

IDNameProductFamilySeverity
140866EulerOS 2.0 SP3 : icu (EulerOS-SA-2020-2099)NessusHuawei Local Security Checks
medium
136271EulerOS Virtualization for ARM 64 3.0.2.0 : icu (EulerOS-SA-2020-1568)NessusHuawei Local Security Checks
medium
135616EulerOS Virtualization 3.0.2.2 : icu (EulerOS-SA-2020-1454)NessusHuawei Local Security Checks
critical
133907EulerOS 2.0 SP5 : icu (EulerOS-SA-2020-1106)NessusHuawei Local Security Checks
medium
131882EulerOS 2.0 SP2 : icu (EulerOS-SA-2019-2390)NessusHuawei Local Security Checks
critical
120695Fedora 28 : chromium (2018-aafdbb5554)NessusFedora Local Security Checks
medium
118258SUSE SLES12 Security Update : icu (SUSE-SU-2018:1401-2)NessusSuSE Local Security Checks
high
117531Fedora 27 : icu (2018-1a85045c79)NessusFedora Local Security Checks
medium
700351Google Chrome < 63.0.3239.84 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
110443SUSE SLES11 Security Update : icu (SUSE-SU-2018:1602-1)NessusSuSE Local Security Checks
high
110107openSUSE Security Update : icu (openSUSE-2018-517)NessusSuSE Local Security Checks
high
110093SUSE SLED12 / SLES12 Security Update : icu (SUSE-SU-2018:1401-1)NessusSuSE Local Security Checks
high
108708Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : ICU vulnerability (USN-3610-1)NessusUbuntu Local Security Checks
medium
108679Fedora 27 : chromium (2018-faff5f661e)NessusFedora Local Security Checks
medium
108610Debian DSA-4150-1 : icu - security updateNessusDebian Local Security Checks
medium
107035Fedora 26 : qt5-qtwebengine (2018-c0d3db441f)NessusFedora Local Security Checks
medium
106991Fedora 27 : qt5-qtwebengine (2018-e08d828ed9)NessusFedora Local Security Checks
medium
106236FreeBSD : chromium -- multiple vulnerabilities (1d951e85-ffdb-11e7-8b91-e8e0b747a45a)NessusFreeBSD Local Security Checks
medium
105968Fedora 27 : chromium (2017-c2645aa935)NessusFedora Local Security Checks
medium
105629GLSA-201801-03 : Chromium, Google Chrome: Multiple vulnerabilitiesNessusGentoo Local Security Checks
medium
105501Fedora 26 : chromium (2017-ea44f172e3)NessusFedora Local Security Checks
high
105235openSUSE Security Update : chromium (openSUSE-2017-1349)NessusSuSE Local Security Checks
medium
105153Google Chrome < 63.0.3239.84 Multiple Vulnerabilities (macOS)NessusMacOS X Local Security Checks
medium
105152Google Chrome < 63.0.3239.84 Multiple VulnerabilitiesNessusWindows
medium
105091RHEL 6 : chromium-browser (RHSA-2017:3401)NessusRed Hat Local Security Checks
medium
105081macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-002 and 2017-005)NessusMacOS X Local Security Checks
high
105080macOS 10.13.x < 10.13.2 Multiple Vulnerabilities (Meltdown)NessusMacOS X Local Security Checks
high