http://bugs.icu-project.org/trac/changeset/39671

DSA-3830

97672

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=213

GLSA-201710-03

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

According to the versions of the icu packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - International Components for Unicode (ICU) for C/C++     before 2017-02-13 has an out-of-bounds write caused by     a heap-based buffer overflow related to the     utf8TextAccess function in common/utext.cpp and the     utext_moveIndex32* function.(CVE-2017-7868)

  - International Components for Unicode (ICU) for C/C++     before 2017-02-13 has an out-of-bounds write caused by     a heap-based buffer overflow related to the     utf8TextAccess function in common/utext.cpp and the     utext_setNativeIndex* function.(CVE-2017-7867)

  - Stack-based buffer overflow in the Locale class in     common/locid.cpp in International Components for     Unicode (ICU) through 57.1 for C/C++ allows remote     attackers to cause a denial of service (application     crash) or possibly have unspecified other impact via a     long locale string.(CVE-2016-7415)

  - The Regular Expressions package in International     Components for Unicode (ICU) 52 before SVN revision     292944, as used in Google Chrome before 40.0.2214.91,     allows remote attackers to cause a denial of service     (memory corruption) or possibly have unspecified other     impact via vectors related to a look-behind     expression.(CVE-2014-7923)

  - The Regular Expressions package in International     Components for Unicode (ICU) 52 before SVN revision     292944, as used in Google Chrome before 40.0.2214.91,     allows remote attackers to cause a denial of service     (memory corruption) or possibly have unspecified other     impact via vectors related to a zero-length     quantifier.(CVE-2014-7926)

  - The Regular Expressions package in International     Components for Unicode (ICU) for C/C++ before     2014-12-03, as used in Google Chrome before     40.0.2214.91, calculates certain values without     ensuring that they can be represented in a 24-bit     field, which allows remote attackers to cause a denial     of service (memory corruption) or possibly have     unspecified other impact via a crafted string, a     related issue to CVE-2014-7923.(CVE-2014-9654)

  - The uloc_acceptLanguageFromHTTP function in     common/uloc.cpp in International Components for Unicode     (ICU) through 57.1 for C/C++ does not ensure that there     is a '\0' character at the end of a certain temporary     array, which allows remote attackers to cause a denial     of service (out-of-bounds read) or possibly have     unspecified other impact via a call with a long     httpAcceptLanguage argument.(CVE-2016-6293)

  - Unspecified vulnerability in Oracle Java SE 6u101,     7u85, and 8u60, and Java SE Embedded 8u51, allows     remote attackers to affect confidentiality, integrity,     and availability via unknown vectors related to     2D.(CVE-2015-4844)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the icu packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - Stack-based buffer overflow in the Locale class in     common/locid.cpp in International Components for     Unicode (ICU) through 57.1 for C/C++ allows remote     attackers to cause a denial of service (application     crash) or possibly have unspecified other impact via a     long locale string.(CVE-2016-7415)

  - Integer overflow in international date handling in     International Components for Unicode (ICU) for C/C++     before 60.1, as used in V8 in Google Chrome prior to     63.0.3239.84 and other products, allowed a remote     attacker to perform an out of bounds memory read via a     crafted HTML page.(CVE-2017-15422)

  - The Regular Expressions package in International     Components for Unicode (ICU) 52 before SVN revision     292944, as used in Google Chrome before 40.0.2214.91,     allows remote attackers to cause a denial of service     (memory corruption) or possibly have unspecified other     impact via vectors related to a look-behind     expression.(CVE-2014-7923)

  - The Regular Expressions package in International     Components for Unicode (ICU) 52 before SVN revision     292944, as used in Google Chrome before 40.0.2214.91,     allows remote attackers to cause a denial of service     (memory corruption) or possibly have unspecified other     impact via vectors related to a zero-length     quantifier.(CVE-2014-7926)

  - The collator implementation in i18n/ucol.cpp in     International Components for Unicode (ICU) 52 through     SVN revision 293126, as used in Google Chrome before     40.0.2214.91, does not initialize memory for a data     structure, which allows remote attackers to cause a     denial of service or possibly have unspecified other     impact via a crafted character sequence.(CVE-2014-7940)

  - The Regular Expressions package in International     Components for Unicode (ICU) for C/C++ before     2014-12-03, as used in Google Chrome before     40.0.2214.91, calculates certain values without     ensuring that they can be represented in a 24-bit     field, which allows remote attackers to cause a denial     of service (memory corruption) or possibly have     unspecified other impact via a crafted string, a     related issue to CVE-2014-7923.(CVE-2014-9654)

  - Unspecified vulnerability in Oracle Java SE 6u101,     7u85, and 8u60, and Java SE Embedded 8u51, allows     remote attackers to affect confidentiality, integrity,     and availability via unknown vectors related to     2D.(CVE-2015-4844)

  - The uloc_acceptLanguageFromHTTP function in     common/uloc.cpp in International Components for Unicode     (ICU) through 57.1 for C/C++ does not ensure that there     is a '\0' character at the end of a certain temporary     array, which allows remote attackers to cause a denial     of service (out-of-bounds read) or possibly have     unspecified other impact via a call with a long     httpAcceptLanguage argument.(CVE-2016-6293)

  - International Components for Unicode (ICU) for C/C++     before 2017-02-13 has an out-of-bounds write caused by     a heap-based buffer overflow related to the     utf8TextAccess function in common/utext.cpp and the     utext_setNativeIndex* function.(CVE-2017-7867)

  - International Components for Unicode (ICU) for C/C++     before 2017-02-13 has an out-of-bounds write caused by     a heap-based buffer overflow related to the     utf8TextAccess function in common/utext.cpp and the     utext_moveIndex32* function.(CVE-2017-7868)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the icu packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - Unspecified vulnerability in the Java SE and Java SE     Embedded components in Oracle Java SE 6u105, 7u91, and     8u66 and Java SE Embedded 8u65 allows remote attackers     to affect confidentiality, integrity, and availability     via unknown vectors related to 2D.(CVE-2016-0494)

  - Unspecified vulnerability in Oracle Java SE 6u101,     7u85, and 8u60, and Java SE Embedded 8u51, allows     remote attackers to affect confidentiality, integrity,     and availability via unknown vectors related to     2D.(CVE-2015-4844)

  - Stack-based buffer overflow in the Locale class in     common/locid.cpp in International Components for     Unicode (ICU) through 57.1 for C/C++ allows remote     attackers to cause a denial of service (application     crash) or possibly have unspecified other impact via a     long locale string.(CVE-2016-7415)

  - The uloc_acceptLanguageFromHTTP function in     common/uloc.cpp in International Components for Unicode     (ICU) through 57.1 for C/C++ does not ensure that there     is a '\0' character at the end of a certain temporary     array, which allows remote attackers to cause a denial     of service (out-of-bounds read) or possibly have     unspecified other impact via a call with a long     httpAcceptLanguage argument.(CVE-2016-6293)

  - The Regular Expressions package in International     Components for Unicode (ICU) for C/C++ before     2014-12-03, as used in Google Chrome before     40.0.2214.91, calculates certain values without     ensuring that they can be represented in a 24-bit     field, which allows remote attackers to cause a denial     of service (memory corruption) or possibly have     unspecified other impact via a crafted string, a     related issue to CVE-2014-7923.(CVE-2014-9654)

  - International Components for Unicode (ICU) for C/C++     before 2017-02-13 has an out-of-bounds write caused by     a heap-based buffer overflow related to the     utf8TextAccess function in common/utext.cpp and the     utext_moveIndex32* function.(CVE-2017-7868)

  - A vulnerability was found in the International     Components for Unicode (ICU). Specially crafted invalid     utf-8 text, when parsed or manipulated using particular     functions in libicu, could cause out-of-bounds heap     reads and writes potentially leading to a crash, memory     disclosure, or possibly code execution.(CVE-2017-7867)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

icu was updated to fix two security issues.

These security issues were fixed :

CVE-2014-8147: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) used an integer data type that is inconsistent with a header file, which allowed remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text (bsc#929629).

CVE-2014-8146: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) did not properly track directionally isolated pieces of text, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text (bsc#929629).

CVE-2016-6293: The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) for C/C++ did not ensure that there is a '\0' character at the end of a certain temporary array, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument (bsc#990636).

CVE-2017-7868: International Components for Unicode (ICU) for C/C++ 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function (bsc#1034674)

CVE-2017-7867: International Components for Unicode (ICU) for C/C++ 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function (bsc#1034678)

CVE-2017-14952: Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ allowed remote attackers to execute arbitrary code via a crafted string, aka a 'redundant UVector entry clean up function call' issue (bnc#1067203)

CVE-2017-17484: The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ mishandled ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allowed remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC (bnc#1072193)

CVE-2017-15422: An integer overflow in icu during persian calendar date processing could lead to incorrect years shown (bnc#1077999)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for icu fixes the following issues :

  - CVE-2016-6293: The uloc_acceptLanguageFromHTTP function     in common/uloc.cpp did not ensure that there is a '\0'     character at the end of a certain temporary array, which     allows remote attackers to cause a denial of service     (out-of-bounds read) or possibly have unspecified other     impact via a call with a long httpAcceptLanguage     argument. (bsc#990636)

  - CVE-2017-7868: ICU had an out-of-bounds write caused by     a heap-based buffer overflow related to the     utf8TextAccess function in common/utext.cpp and the     utext_moveIndex32* function. (bsc#1034674)

  - CVE-2017-7867: ICU had an out-of-bounds write caused by     a heap-based buffer overflow related to the     utf8TextAccess function in common/utext.cpp and the     utext_setNativeIndex* function. (bsc#1034678)

  - CVE-2017-14952: Double free in i18n/zonemeta.cpp allowed     remote attackers to execute arbitrary code via a crafted     string, aka a 'redundant UVector entry clean up function     call' issue. (bsc#1067203)

  - CVE-2017-17484: The ucnv_UTF8FromUTF8 function in     ucnv_u8.cpp mishandled ucnv_convertEx calls for UTF-8 to     UTF-8 conversion, which allows remote attackers to cause     a denial of service (stack-based buffer overflow and     application crash) or possibly have unspecified other     impact via a crafted string, as demonstrated by ZNC.
    (bsc#1072193)

  - CVE-2017-15422: An integer overflow in persian calendar     calculation was fixed, which could show wrong years.
    (bsc#1077999)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

icu was updated to fix two security issues.

These security issues were fixed :

  - CVE-2014-8147: The resolveImplicitLevels function in     common/ubidi.c in the Unicode Bidirectional Algorithm     implementation in ICU4C in International Components for     Unicode (ICU) used an integer data type that is     inconsistent with a header file, which allowed remote     attackers to cause a denial of service (incorrect malloc     followed by invalid free) or possibly execute arbitrary     code via crafted text (bsc#929629).

  - CVE-2014-8146: The resolveImplicitLevels function in     common/ubidi.c in the Unicode Bidirectional Algorithm     implementation in ICU4C in International Components for     Unicode (ICU) did not properly track directionally     isolated pieces of text, which allowed remote attackers     to cause a denial of service (heap-based buffer     overflow) or possibly execute arbitrary code via crafted     text (bsc#929629).

  - CVE-2016-6293: The uloc_acceptLanguageFromHTTP function     in common/uloc.cpp in International Components for     Unicode (ICU) for C/C++ did not ensure that there is a     '\0' character at the end of a certain temporary array,     which allowed remote attackers to cause a denial of     service (out-of-bounds read) or possibly have     unspecified other impact via a call with a long     httpAcceptLanguage argument (bsc#990636).

  - CVE-2017-7868: International Components for Unicode     (ICU) for C/C++ 2017-02-13 has an out-of-bounds write     caused by a heap-based buffer overflow related to the     utf8TextAccess function in common/utext.cpp and the     utext_moveIndex32* function (bsc#1034674)

  - CVE-2017-7867: International Components for Unicode     (ICU) for C/C++ 2017-02-13 has an out-of-bounds write     caused by a heap-based buffer overflow related to the     utf8TextAccess function in common/utext.cpp and the     utext_setNativeIndex* function (bsc#1034678)

  - CVE-2017-14952: Double free in i18n/zonemeta.cpp in     International Components for Unicode (ICU) for C/C++     allowed remote attackers to execute arbitrary code via a     crafted string, aka a 'redundant UVector entry clean up     function call' issue (bnc#1067203)

  - CVE-2017-17484: The ucnv_UTF8FromUTF8 function in     ucnv_u8.cpp in International Components for Unicode     (ICU) for C/C++ mishandled ucnv_convertEx calls for     UTF-8 to UTF-8 conversion, which allowed remote     attackers to cause a denial of service (stack-based     buffer overflow and application crash) or possibly have     unspecified other impact via a crafted string, as     demonstrated by ZNC (bnc#1072193)

  - CVE-2017-15422: An integer overflow in icu during     persian calendar date processing could lead to incorrect     years shown (bnc#1077999)

This update was imported from the SUSE:SLE-12:Update update project.

icu was updated to fix two security issues. These security issues were fixed :

  - CVE-2014-8147: The resolveImplicitLevels function in     common/ubidi.c in the Unicode Bidirectional Algorithm     implementation in ICU4C in International Components for     Unicode (ICU) used an integer data type that is     inconsistent with a header file, which allowed remote     attackers to cause a denial of service (incorrect malloc     followed by invalid free) or possibly execute arbitrary     code via crafted text (bsc#929629).

  - CVE-2014-8146: The resolveImplicitLevels function in     common/ubidi.c in the Unicode Bidirectional Algorithm     implementation in ICU4C in International Components for     Unicode (ICU) did not properly track directionally     isolated pieces of text, which allowed remote attackers     to cause a denial of service (heap-based buffer     overflow) or possibly execute arbitrary code via crafted     text (bsc#929629).

  - CVE-2016-6293: The uloc_acceptLanguageFromHTTP function     in common/uloc.cpp in International Components for     Unicode (ICU) for C/C++ did not ensure that there is a     '\0' character at the end of a certain temporary array,     which allowed remote attackers to cause a denial of     service (out-of-bounds read) or possibly have     unspecified other impact via a call with a long     httpAcceptLanguage argument (bsc#990636).

  - CVE-2017-7868: International Components for Unicode     (ICU) for C/C++ 2017-02-13 has an out-of-bounds write     caused by a heap-based buffer overflow related to the     utf8TextAccess function in common/utext.cpp and the     utext_moveIndex32* function (bsc#1034674)

  - CVE-2017-7867: International Components for Unicode     (ICU) for C/C++ 2017-02-13 has an out-of-bounds write     caused by a heap-based buffer overflow related to the     utf8TextAccess function in common/utext.cpp and the     utext_setNativeIndex* function (bsc#1034678)

  - CVE-2017-14952: Double free in i18n/zonemeta.cpp in     International Components for Unicode (ICU) for C/C++     allowed remote attackers to execute arbitrary code via a     crafted string, aka a 'redundant UVector entry clean up     function call' issue (bnc#1067203)

  - CVE-2017-17484: The ucnv_UTF8FromUTF8 function in     ucnv_u8.cpp in International Components for Unicode     (ICU) for C/C++ mishandled ucnv_convertEx calls for     UTF-8 to UTF-8 conversion, which allowed remote     attackers to cause a denial of service (stack-based     buffer overflow and application crash) or possibly have     unspecified other impact via a crafted string, as     demonstrated by ZNC (bnc#1072193)

  - CVE-2017-15422: An integer overflow in icu during     persian calendar date processing could lead to incorrect     years shown (bnc#1077999)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-201710-03 (ICU: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in ICU. Please review the       referenced CVE identifiers for details.
  Impact :

    A remote attacker could possibly execute arbitrary code with the       privileges of the process or cause a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

Security fix for CVE-2017-7867 CVE-2017-7868

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that icu, the International Components for Unicode library, did not correctly validate its input. An attacker could use this problem to trigger an out-of-bound write through a heap-based buffer overflow, thus causing a denial of service via application crash, or potential execution of arbitrary code.

For Debian 7 'Wheezy', these problems have been fixed in version 4.8.1.1-12+deb7u7.

We recommend that you upgrade your icu packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that ICU incorrectly handled certain memory operations when processing data. If an application using ICU processed crafted data, a remote attacker could possibly cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

NVD reports :

International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function.

International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function.

It was discovered that icu, the International Components for Unicode library, did not correctly validate its input. An attacker could use this problem to trigger an out-of-bound write through a heap-based buffer overflow, thus causing a denial of service via application crash, or potential execution of arbitrary code.

ID	Name	Product	Family	Severity
132129	EulerOS 2.0 SP3 : icu (EulerOS-SA-2019-2594)	Nessus	Huawei Local Security Checks	critical
131882	EulerOS 2.0 SP2 : icu (EulerOS-SA-2019-2390)	Nessus	Huawei Local Security Checks	critical
129126	EulerOS 2.0 SP5 : icu (EulerOS-SA-2019-1969)	Nessus	Huawei Local Security Checks	critical
118258	SUSE SLES12 Security Update : icu (SUSE-SU-2018:1401-2)	Nessus	SuSE Local Security Checks	high
110443	SUSE SLES11 Security Update : icu (SUSE-SU-2018:1602-1)	Nessus	SuSE Local Security Checks	high
110107	openSUSE Security Update : icu (openSUSE-2018-517)	Nessus	SuSE Local Security Checks	high
110093	SUSE SLED12 / SLES12 Security Update : icu (SUSE-SU-2018:1401-1)	Nessus	SuSE Local Security Checks	high
103721	GLSA-201710-03 : ICU: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
101690	Fedora 26 : icu (2017-a19b28f8ce)	Nessus	Fedora Local Security Checks	medium
100303	Debian DLA-947-1 : icu security update	Nessus	Debian Local Security Checks	medium
100012	Fedora 24 : icu (2017-c2cefcc2b3)	Nessus	Fedora Local Security Checks	medium
99966	Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : icu vulnerabilities (USN-3274-1)	Nessus	Ubuntu Local Security Checks	medium
99642	Fedora 25 : icu (2017-1aa946d52b)	Nessus	Fedora Local Security Checks	medium
99555	FreeBSD : icu -- multiple vulnerabilities (607f8b57-7454-42c6-a88a-8706f327076d)	Nessus	FreeBSD Local Security Checks	medium
99484	Debian DSA-3830-1 : icu - security update	Nessus	Debian Local Security Checks	medium

CVE-2017-7867

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins