CVE-2007-4770
published 2008-01-29CVE-2007-4770: libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which…
PriorityP427medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EPSS
2.82%
84.8th percentile
libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | icu | < icu 3.8-6 (bookworm) | icu 3.8-6 (bookworm) |
| icu-project | international_components_for_unicode | <= 3.8.1 | — |
CVSS provenance
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv6.8MEDIUM
vendor_debian6.8MEDIUM
vendor_redhat6.8MEDIUM
vendor_ubuntu6.8MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-3hvj-9j8h-vgr2: libicu in International Components for Unicode (ICU) 3
ghsa_unreviewed·2022-05-01
CVE-2007-4770 [MEDIUM] GHSA-3hvj-9j8h-vgr2: libicu in International Components for Unicode (ICU) 3
libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames.
OSV
CVE-2007-4770: libicu in International Components for Unicode (ICU) 3
osv·2008-01-29·CVSS 6.8
CVE-2007-4770 [MEDIUM] CVE-2007-4770: libicu in International Components for Unicode (ICU) 3
libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames.
Ubuntu
libicu vulnerabilities
vendor_ubuntu·2008-03-24·CVSS 6.8
CVE-2007-4770 [MEDIUM] libicu vulnerabilities
Title: libicu vulnerabilities
Summary: libicu vulnerabilities
Will Drewry discovered that libicu did not properly handle '\0' when
processing regular expressions. If an application linked against libicu
processed a crafted regular expression, an attacker could execute
arbitrary code with privileges of the user invoking the program.
(CVE-2007-4770)
Will Drewry discovered that libicu did not properly limit its
backtracking stack size. If an application linked against libicu
processed a crafted regular expression, an attacker could cause a denial
of service via resource exhaustion. (CVE-2007-4771)
Instructions: After a standard system upgrade you need to restart applications linked
against libicu, such as OpenOffice.org, to effect the necessary changes.
Red Hat
libicu poor back reference validation
vendor_redhat·2008-01-22·CVSS 6.8
CVE-2007-4770 [MEDIUM] libicu poor back reference validation
libicu poor back reference validation
libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames.
Debian
CVE-2007-4770: icu - libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts ...
vendor_debian·2007·CVSS 6.8
CVE-2007-4770 [MEDIUM] CVE-2007-4770: icu - libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts ...
libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames.
Scope: local
bookworm: resolved (fixed in 3.8-6)
bullseye: resolved (fixed in 3.8-6)
forky: resolved (fixed in 3.8-6)
sid: resolved (fixed in 3.8-6)
trixie: resolved (fixed in 3.8-6)
No detection rules found.
No public exploits indexed.
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.htmlhttp://rhn.redhat.com/errata/RHSA-2008-0090.htmlhttp://secunia.com/advisories/28575http://secunia.com/advisories/28615http://secunia.com/advisories/28669http://secunia.com/advisories/28783http://secunia.com/advisories/29194http://secunia.com/advisories/29242http://secunia.com/advisories/29291http://secunia.com/advisories/29294http://secunia.com/advisories/29333http://secunia.com/advisories/29852http://secunia.com/advisories/29910http://secunia.com/advisories/29987http://secunia.com/advisories/30179http://security.gentoo.org/glsa/glsa-200803-20.xmlhttp://security.gentoo.org/glsa/glsa-200805-16.xmlhttp://securitytracker.com/id?1019269http://sourceforge.net/mailarchive/message.php?msg_name=d03a2ffb0801221538x68825e42xb4a4aaf0fcccecbd%40mail.gmail.comhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-231641-1http://sunsolve.sun.com/search/document.do?assetkey=1-26-233922-1http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0043http://www.debian.org/security/2008/dsa-1511http://www.mandriva.com/security/advisories?name=MDVSA-2008:026http://www.novell.com/linux/security/advisories/2008_23_openoffice.htmlhttp://www.openoffice.org/security/cves/CVE-2007-4770.htmlhttp://www.openoffice.org/security/cves/CVE-2007-5745.htmlhttp://www.securityfocus.com/archive/1/487677/100/0/threadedhttp://www.securityfocus.com/bid/27455http://www.ubuntu.com/usn/usn-591-1http://www.vupen.com/english/advisories/2008/0282http://www.vupen.com/english/advisories/2008/0807/referenceshttp://www.vupen.com/english/advisories/2008/1375/referenceshttps://bugzilla.redhat.com/show_bug.cgi?id=429023https://exchange.xforce.ibmcloud.com/vulnerabilities/39938https://issues.rpath.com/browse/RPL-2199https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11172https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5507https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00896.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-January/msg00921.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.htmlhttp://rhn.redhat.com/errata/RHSA-2008-0090.htmlhttp://secunia.com/advisories/28575http://secunia.com/advisories/28615http://secunia.com/advisories/28669http://secunia.com/advisories/28783http://secunia.com/advisories/29194http://secunia.com/advisories/29242http://secunia.com/advisories/29291http://secunia.com/advisories/29294http://secunia.com/advisories/29333http://secunia.com/advisories/29852http://secunia.com/advisories/29910http://secunia.com/advisories/29987http://secunia.com/advisories/30179http://security.gentoo.org/glsa/glsa-200803-20.xmlhttp://security.gentoo.org/glsa/glsa-200805-16.xmlhttp://securitytracker.com/id?1019269http://sourceforge.net/mailarchive/message.php?msg_name=d03a2ffb0801221538x68825e42xb4a4aaf0fcccecbd%40mail.gmail.comhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-231641-1http://sunsolve.sun.com/search/document.do?assetkey=1-26-233922-1http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0043http://www.debian.org/security/2008/dsa-1511http://www.mandriva.com/security/advisories?name=MDVSA-2008:026http://www.novell.com/linux/security/advisories/2008_23_openoffice.htmlhttp://www.openoffice.org/security/cves/CVE-2007-4770.htmlhttp://www.openoffice.org/security/cves/CVE-2007-5745.htmlhttp://www.securityfocus.com/archive/1/487677/100/0/threadedhttp://www.securityfocus.com/bid/27455http://www.ubuntu.com/usn/usn-591-1http://www.vupen.com/english/advisories/2008/0282http://www.vupen.com/english/advisories/2008/0807/referenceshttp://www.vupen.com/english/advisories/2008/1375/referenceshttps://bugzilla.redhat.com/show_bug.cgi?id=429023https://exchange.xforce.ibmcloud.com/vulnerabilities/39938https://issues.rpath.com/browse/RPL-2199https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11172https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5507https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00896.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-January/msg00921.html
2008-01-29
Published