https://github.com/znc/znc/issues/1459

https://ssl.icu-project.org/trac/attachment/ticket/13490/poc.cpp

https://ssl.icu-project.org/trac/changeset/40714

https://ssl.icu-project.org/trac/changeset/40715

https://ssl.icu-project.org/trac/ticket/13490

https://ssl.icu-project.org/trac/ticket/13510

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

According to the version of the icu package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability :

  - The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in     International Components for Unicode (ICU) for C/C++     through 60.1 mishandles ucnv_convertEx calls for UTF-8     to UTF-8 conversion, which allows remote attackers to     cause a denial of service (stack-based buffer overflow     and application crash) or possibly have unspecified     other impact via a crafted string, as demonstrated by     ZNC.(CVE-2017-17484)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

icu was updated to fix two security issues.

These security issues were fixed :

CVE-2014-8147: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) used an integer data type that is inconsistent with a header file, which allowed remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text (bsc#929629).

CVE-2014-8146: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) did not properly track directionally isolated pieces of text, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text (bsc#929629).

CVE-2016-6293: The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) for C/C++ did not ensure that there is a '\0' character at the end of a certain temporary array, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument (bsc#990636).

CVE-2017-7868: International Components for Unicode (ICU) for C/C++ 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function (bsc#1034674)

CVE-2017-7867: International Components for Unicode (ICU) for C/C++ 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function (bsc#1034678)

CVE-2017-14952: Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ allowed remote attackers to execute arbitrary code via a crafted string, aka a 'redundant UVector entry clean up function call' issue (bnc#1067203)

CVE-2017-17484: The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ mishandled ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allowed remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC (bnc#1072193)

CVE-2017-15422: An integer overflow in icu during persian calendar date processing could lead to incorrect years shown (bnc#1077999)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for icu fixes the following issues :

  - CVE-2016-6293: The uloc_acceptLanguageFromHTTP function     in common/uloc.cpp did not ensure that there is a '\0'     character at the end of a certain temporary array, which     allows remote attackers to cause a denial of service     (out-of-bounds read) or possibly have unspecified other     impact via a call with a long httpAcceptLanguage     argument. (bsc#990636)

  - CVE-2017-7868: ICU had an out-of-bounds write caused by     a heap-based buffer overflow related to the     utf8TextAccess function in common/utext.cpp and the     utext_moveIndex32* function. (bsc#1034674)

  - CVE-2017-7867: ICU had an out-of-bounds write caused by     a heap-based buffer overflow related to the     utf8TextAccess function in common/utext.cpp and the     utext_setNativeIndex* function. (bsc#1034678)

  - CVE-2017-14952: Double free in i18n/zonemeta.cpp allowed     remote attackers to execute arbitrary code via a crafted     string, aka a 'redundant UVector entry clean up function     call' issue. (bsc#1067203)

  - CVE-2017-17484: The ucnv_UTF8FromUTF8 function in     ucnv_u8.cpp mishandled ucnv_convertEx calls for UTF-8 to     UTF-8 conversion, which allows remote attackers to cause     a denial of service (stack-based buffer overflow and     application crash) or possibly have unspecified other     impact via a crafted string, as demonstrated by ZNC.
    (bsc#1072193)

  - CVE-2017-15422: An integer overflow in persian calendar     calculation was fixed, which could show wrong years.
    (bsc#1077999)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

icu was updated to fix two security issues.

These security issues were fixed :

  - CVE-2014-8147: The resolveImplicitLevels function in     common/ubidi.c in the Unicode Bidirectional Algorithm     implementation in ICU4C in International Components for     Unicode (ICU) used an integer data type that is     inconsistent with a header file, which allowed remote     attackers to cause a denial of service (incorrect malloc     followed by invalid free) or possibly execute arbitrary     code via crafted text (bsc#929629).

  - CVE-2014-8146: The resolveImplicitLevels function in     common/ubidi.c in the Unicode Bidirectional Algorithm     implementation in ICU4C in International Components for     Unicode (ICU) did not properly track directionally     isolated pieces of text, which allowed remote attackers     to cause a denial of service (heap-based buffer     overflow) or possibly execute arbitrary code via crafted     text (bsc#929629).

  - CVE-2016-6293: The uloc_acceptLanguageFromHTTP function     in common/uloc.cpp in International Components for     Unicode (ICU) for C/C++ did not ensure that there is a     '\0' character at the end of a certain temporary array,     which allowed remote attackers to cause a denial of     service (out-of-bounds read) or possibly have     unspecified other impact via a call with a long     httpAcceptLanguage argument (bsc#990636).

  - CVE-2017-7868: International Components for Unicode     (ICU) for C/C++ 2017-02-13 has an out-of-bounds write     caused by a heap-based buffer overflow related to the     utf8TextAccess function in common/utext.cpp and the     utext_moveIndex32* function (bsc#1034674)

  - CVE-2017-7867: International Components for Unicode     (ICU) for C/C++ 2017-02-13 has an out-of-bounds write     caused by a heap-based buffer overflow related to the     utf8TextAccess function in common/utext.cpp and the     utext_setNativeIndex* function (bsc#1034678)

  - CVE-2017-14952: Double free in i18n/zonemeta.cpp in     International Components for Unicode (ICU) for C/C++     allowed remote attackers to execute arbitrary code via a     crafted string, aka a 'redundant UVector entry clean up     function call' issue (bnc#1067203)

  - CVE-2017-17484: The ucnv_UTF8FromUTF8 function in     ucnv_u8.cpp in International Components for Unicode     (ICU) for C/C++ mishandled ucnv_convertEx calls for     UTF-8 to UTF-8 conversion, which allowed remote     attackers to cause a denial of service (stack-based     buffer overflow and application crash) or possibly have     unspecified other impact via a crafted string, as     demonstrated by ZNC (bnc#1072193)

  - CVE-2017-15422: An integer overflow in icu during     persian calendar date processing could lead to incorrect     years shown (bnc#1077999)

This update was imported from the SUSE:SLE-12:Update update project.

icu was updated to fix two security issues. These security issues were fixed :

  - CVE-2014-8147: The resolveImplicitLevels function in     common/ubidi.c in the Unicode Bidirectional Algorithm     implementation in ICU4C in International Components for     Unicode (ICU) used an integer data type that is     inconsistent with a header file, which allowed remote     attackers to cause a denial of service (incorrect malloc     followed by invalid free) or possibly execute arbitrary     code via crafted text (bsc#929629).

  - CVE-2014-8146: The resolveImplicitLevels function in     common/ubidi.c in the Unicode Bidirectional Algorithm     implementation in ICU4C in International Components for     Unicode (ICU) did not properly track directionally     isolated pieces of text, which allowed remote attackers     to cause a denial of service (heap-based buffer     overflow) or possibly execute arbitrary code via crafted     text (bsc#929629).

  - CVE-2016-6293: The uloc_acceptLanguageFromHTTP function     in common/uloc.cpp in International Components for     Unicode (ICU) for C/C++ did not ensure that there is a     '\0' character at the end of a certain temporary array,     which allowed remote attackers to cause a denial of     service (out-of-bounds read) or possibly have     unspecified other impact via a call with a long     httpAcceptLanguage argument (bsc#990636).

  - CVE-2017-7868: International Components for Unicode     (ICU) for C/C++ 2017-02-13 has an out-of-bounds write     caused by a heap-based buffer overflow related to the     utf8TextAccess function in common/utext.cpp and the     utext_moveIndex32* function (bsc#1034674)

  - CVE-2017-7867: International Components for Unicode     (ICU) for C/C++ 2017-02-13 has an out-of-bounds write     caused by a heap-based buffer overflow related to the     utf8TextAccess function in common/utext.cpp and the     utext_setNativeIndex* function (bsc#1034678)

  - CVE-2017-14952: Double free in i18n/zonemeta.cpp in     International Components for Unicode (ICU) for C/C++     allowed remote attackers to execute arbitrary code via a     crafted string, aka a 'redundant UVector entry clean up     function call' issue (bnc#1067203)

  - CVE-2017-17484: The ucnv_UTF8FromUTF8 function in     ucnv_u8.cpp in International Components for Unicode     (ICU) for C/C++ mishandled ucnv_convertEx calls for     UTF-8 to UTF-8 conversion, which allowed remote     attackers to cause a denial of service (stack-based     buffer overflow and application crash) or possibly have     unspecified other impact via a crafted string, as     demonstrated by ZNC (bnc#1072193)

  - CVE-2017-15422: An integer overflow in icu during     persian calendar date processing could lead to incorrect     years shown (bnc#1077999)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
131477	EulerOS Virtualization for ARM 64 3.0.3.0 : icu (EulerOS-SA-2019-2312)	Nessus	Huawei Local Security Checks	high
118258	SUSE SLES12 Security Update : icu (SUSE-SU-2018:1401-2)	Nessus	SuSE Local Security Checks	high
110443	SUSE SLES11 Security Update : icu (SUSE-SU-2018:1602-1)	Nessus	SuSE Local Security Checks	high
110107	openSUSE Security Update : icu (openSUSE-2018-517)	Nessus	SuSE Local Security Checks	high
110093	SUSE SLED12 / SLES12 Security Update : icu (SUSE-SU-2018:1401-1)	Nessus	SuSE Local Security Checks	high

CVE-2017-17484

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins