Buffer overflow in Icu-project International_components_for_unicode

CVE-2011-4599

Stack-based buffer overflow in the _canonicalize function in common/uloc.c in International Components for Unicode (ICU) before 49.1 allows remote attackers to execute arbitrary code via a crafted locale ID that is not properly handled dur…

Vulnerability class: Buffer Overflow

EPSS: 0.241 (96.2th percentile) — read the EPSS interpretation.

Affected products

Icu-project International_components_for_unicode
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

51006 (Patch, Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
47674 (Permissions Required, x_refsource_SECUNIA, third-party-advisory)
47146 (Permissions Required, x_refsource_SECUNIA, third-party-advisory)
47775 (Permissions Required, x_refsource_SECUNIA, third-party-advisory)
APPLE-SA-2012-09-19-1 (vendor-advisory, x_refsource_APPLE, Mailing List, Third Party Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
icu-canonicalize-bo(71726) (VDB Entry, vdb-entry, x_refsource_XF)
[oss-security] 20111209 Re: CVE Request: icu out of bounds access (mailing-list, x_refsource_MLIST, Mailing List)
secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
77698 (x_refsource_OSVDB, vdb-entry, Broken Link)