CVE-2014-7923

CWE-17 CWE-122 — Heap-based Buffer Overflow14 documents8 sources

Severity

7.5HIGH

EPSS

2.3%

top 15.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Icu-project International Components FOR Unicode Google Chrome Canonical Ubuntu Linux +6 more

Timeline

PublishedJan 22

Latest updateMay 14

Description

The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a look-behind expression.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages8 packages

▶NVDicu-project/international_components< 55.1

▶NVDgoogle/chrome40.0.2214.85

▶Debianicu< 52.1-7.1+3

▶Ubuntuoxide-qt< 1.4.2-0ubuntu0.14.04.1

▶NVDopensuse/opensuse13.1, 13.2+1

Also affects: Ubuntu Linux 14.04, 14.10, Enterprise Linux 6.0, 6.6.z

🔴Vulnerability Details

GHSA

GHSA-3q83-f89f-8f5x: The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40↗2022-05-14

▶

OSV

oxide-qt vulnerabilities↗2015-01-26

▶

CVEList

CVE-2014-7923: The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40↗2015-01-22

▶

OSV

CVE-2014-7923: The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40↗2015-01-22

▶

📋Vendor Advisories

Ubuntu

ICU vulnerabilities↗2015-03-05

▶

Ubuntu

Oxide vulnerabilities↗2015-01-26

▶

Red Hat

ICU: regexp engine missing look-behind expression range check↗2015-01-21

▶

Red Hat

icu: insufficient size limit checks in regular expression compiler↗2015-01-21

▶

Debian

CVE-2014-7923: icu - The Regular Expressions package in International Components for Unicode (ICU) 52...↗2014

▶

💬Community

Bugzilla

CVE-2014-7926 CVE-2014-9654 CVE-2014-7923 mingw-icu: various flaws [epel-7]↗2015-02-06

▶

Bugzilla

CVE-2014-7926 CVE-2014-9654 CVE-2014-7923 icu: various flaws [fedora-all]↗2015-02-06

▶

Bugzilla

CVE-2014-7926 CVE-2014-9654 CVE-2014-7923 mingw-icu: various flaws [fedora-all]↗2015-02-06

▶

Bugzilla

CVE-2014-7923 ICU: regexp engine missing look-behind expression range check↗2015-01-23

▶