CVE-2007-4771
Published 2008-01-29
CVE-2007-4771: Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows…
Priority P431 · critical · 9.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 2.54% (83.0th percentile)
Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have unspecified other impact via a regular expression that writes a large amount of data to the backtracking stack. NOTE: some of these details are obtained from third party information.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | icu | < icu 3.8-6 (bookworm) | icu 3.8-6 (bookworm) |
| icu-project | international_components_for_unicode | <= 3.8.1 | — |
CVSS provenance
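| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| osv | | 9.3 | CRITICAL | |
| vendor_debian | | 9.3 | CRITICAL | |
| vendor_redhat | | 9.3 | CRITICAL | |
| vendor_ubuntu | | 6.8 | MEDIUM | |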
Ubuntu
libicu vulnerabilities
vendor_ubuntu·2008-03-24·CVSS 6.8
CVE-2007-4770 [MEDIUM] libicu vulnerabilities
Will Drewry discovered that libicu did not properly handle '\0' when
processing regular expressions. If an application linked against libicu
processed a crafted regular expression, an attacker could execute
arbitrary code with privileges of the user invoking the program.
(CVE-2007-4770)
Will Drewry discovered that libicu did not properly limit its
backtracking stack size. If an application linked against libicu
processed a crafted regular expression, an attacker could cause a denial
of service via resource exhaustion. (CVE-2007-4771)
Instructions: After a standard system upgrade you need to restart applications linked
against libicu, such as OpenOffice.org, to effect the necessary changes.
Red Hat
libicu incomplete interval handling
vendor_redhat·2008-01-22·CVSS 9.3
CVE-2007-4771 [CRITICAL] libicu incomplete interval handling
Debian
CVE-2007-4771: icu - Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu ...
vendor_debian·2007·CVSS 9.3
CVE-2007-4771 [CRITICAL] CVE-2007-4771: icu - Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu ...
Scope: local
bookworm: resolved (fixed in 3.8-6)
bullseye: resolved (fixed in 3.8-6)
forky: resolved (fixed in 3.8-6)
sid: resolved (fixed in 3.8-6)
trixie: resolved (fixed in 3.8-6)
GHSA
GHSA-78gp-g683-v26p: Heap-based buffer overflow in the doInterval function in regexcmp
ghsa_unreviewed·2022-05-01
CVE-2007-4771 [HIGH] GHSA-78gp-g683-v26p: Heap-based buffer overflow in the doInterval function in regexcmp
OSV
CVE-2007-4771: Heap-based buffer overflow in the doInterval function in regexcmp
osv·2008-01-29·CVSS 9.3
CVE-2007-4771 [CRITICAL] CVE-2007-4771: Heap-based buffer overflow in the doInterval function in regexcmp
No detection rules found.
No public exploits indexed.
Published: 2008-01-29