CVE-2008-1036
Published: 2008-06-02
Severity: medium, score 4.3 (CVSS 3.1)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x_server | — | — |
| apple | mac_os_x_server | — | — |
| apple | mac_os_x_server | — | — |
| apple | mac_os_x_server | — | — |
| debian | icu | < icu 4.0.1-1 (bookworm) | icu 4.0.1-1 (bookworm) |
| redhat | enterprise_linux | — | — |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| osv | 4.3 | MEDIUM | — |
Ubuntu
ICU vulnerability
vendor_ubuntu·2009-03-26
CVE-2008-1036 ICU vulnerability
Title: ICU vulnerability
Summary: ICU vulnerability
It was discovered that libicu did not correctly handle certain invalid
encoded data. If a user or automated system were tricked into processing
specially crafted data with applications linked against libicu, certain
content filters could be bypassed.
Instructions: After a standard system upgrade you need to restart applications linked
against libicu, such as OpenOffice.org, to effect the necessary changes.
Red Hat
ICU: Invalid character sequences omission during conversion of some character encodings (XSS attack possible)
vendor_redhat·2008-05-28·CVSS 4.3
CVE-2008-1036 [MEDIUM] CWE-79 ICU: Invalid character sequences omission during conversion of some character encodings (XSS attack possible)
The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.
Debian
CVE-2008-1036: icu - The International Components for Unicode (ICU) library in Apple Mac OS X before ...
vendor_debian·2008·CVSS 4.3
CVE-2008-1036 [MEDIUM] CVE-2008-1036: icu - The International Components for Unicode (ICU) library in Apple Mac OS X before ...
The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.
Scope: local
bookworm: resolved (fixed in 4.0.1-1)
bullseye: resolved (fixed in 4.0.1-1)
forky: resolved (fixed in 4.0.1-1)
sid: resolved (fixed in 4.0.1-1)
trixie: resolved (fixed in 4.0.1-1)
GHSA
GHSA-w398-xcxp-rxmr: The International Components for Unicode (ICU) library in Apple Mac OS X before 10
ghsa_unreviewed·2022-05-01
CVE-2008-1036 [MEDIUM] CWE-79 GHSA-w398-xcxp-rxmr: The International Components for Unicode (ICU) library in Apple Mac OS X before 10
The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.
OSV
CVE-2008-1036: The International Components for Unicode (ICU) library in Apple Mac OS X before 10
osv·2008-06-02·CVSS 4.3
CVE-2008-1036 [MEDIUM] CVE-2008-1036: The International Components for Unicode (ICU) library in Apple Mac OS X before 10
The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2009-0153 icu: XSS vulnerability due to improper invalid byte sequence handling
bugzilla·2009-05-28·CVSS 4.3
CVE-2009-0153 [MEDIUM] CVE-2009-0153 icu: XSS vulnerability due to improper invalid byte sequence handling
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-0153 to the following vulnerability:
International Components for Unicode (ICU) in Apple Mac OS X 10.5 before 10.5.7 does not properly handle invalid byte sequences during Unicode conversion, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.
http://support.apple.com/kb/HT3549
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
http://www.securityfocus.com/bid/34926
http://secunia.com/advisories/35074
http://www.vupen.com/english/advisories/2009/1297
http://xforce.iss.net/xforce/xfdb/50488
Discussion:
This issue was originally repo
Bugzilla
CVE-2008-1036 ICU: Invalid character sequences omission during conversion of some character encodings (XSS attack possible)
bugzilla·2008-09-26·CVSS 4.3
CVE-2008-1036 [MEDIUM] CVE-2008-1036 ICU: Invalid character sequences omission during conversion of some character encodings (XSS attack possible)
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-1036 to the following vulnerability:
International Components for Unicode (ICU) in Apple Mac OS X before 10.5.3 omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.
References:
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
Proposed patch (icu part):
http://bugs.icu-project.org/trac/search?q=%22ticket:6175:%22&noquickjump=1&changeset=on
Proposed patch (icu4j part):
http://bugs.icu-project.org/trac/search?q=%22ticket:6198:%22&noquickjump=1&changeset=on
Further references:
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
http://secunia.com/advisories/30430
http://secunia.com/advisories/34290
http://secunia.com/advisories/34777
http://securitytracker.com/id?1020139
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0064
http://www.debian.org/security/2009/dsa-1762
http://www.redhat.com/support/errata/RHSA-2009-0296.html
http://www.securityfocus.com/bid/29412
http://www.securityfocus.com/bid/29488
http://www.ubuntu.com/usn/USN-747-1
http://www.us-cert.gov/cas/techalerts/TA08-150A.html
http://www.vupen.com/english/advisories/2008/1697
https://exchange.xforce.ibmcloud.com/vulnerabilities/42717
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10824