CVE-2014-8146
Published 2015-05-25
Priority: P265 · high · 7.5 (CVSS 2.0) · AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 24.47% (97.6th percentile)
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_9 | — | — |
| apple | iphone_os | <= 8.2 | — |
| apple | itunes | <= 12.1.3 | — |
| apple | itunes | — | — |
| apple | mac_os_x | <= 10.10.4 | — |
| apple | os_x_el_capitan_v10.11 | — | — |
| apple | watchos | <= 1.0.1 | — |
| apple | watchos_2 | — | — |
| debian | icu | < icu 52.1-9 (bookworm) | icu 52.1-9 (bookworm) |
| icu-project | international_components_for_unicode | < 55.1 | 55.1 |
Detection & IOCs
- Monitor for heap-based buffer overflow triggered in the resolveImplicitLevels function within common/ubidi.c of the ICU library, specifically when isolateCount is incremented out of bounds due to improperly tracked directionally isolated text (LRI/RLI dirProps).
- Flag applications using ICU versions 52 through 54 (ICU4C before 55.1) processing externally-supplied Unicode bidirectional text, as all releases in that range are vulnerable to this heap overflow.
- Look for out-of-bounds writes to pBiDi->isolates[] array members (stateImp, state, start1) when processing crafted bidirectional text containing LRI or RLI directional isolate characters.
- The vulnerability is reachable remotely via crafted text processed by any application embedding ICU (e.g., LibreOffice); monitor crash telemetry or heap corruption signals in such applications when handling untrusted Unicode content.
- Exploitability is uncertain; at time of disclosure it was unknown whether these vulnerabilities are reliably exploitable beyond denial of service.
- Red Hat has marked all affected packages (RHEL 5, 6, 7, Red Hat Directory Server 8, OpenShift Enterprise 2) as 'Will not fix', meaning patched ICU packages will not be provided for those platforms.
CVSS provenance
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
osv · 7.5 HIGH
vendor_debian · 7.5 HIGH
vendor_redhat · 7.5 HIGH
Ubuntu
ICU vulnerabilities
vendor_ubuntu·2015-05-11
CVE-2014-8146 ICU vulnerabilities
Title: ICU vulnerabilities
Summary: ICU could be made to crash or run programs as your login if it processed
specially crafted data.
Pedro Ribeiro discovered that ICU incorrectly handled certain memory
operations when processing data. If an application using ICU processed
crafted data, an attacker could cause it to crash or potentially execute
arbitrary code with the privileges of the user invoking the program.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
icu: heap overflow via incorrect isolateCount
vendor_redhat·2015-05-05·CVSS 7.5
CVE-2014-8146 [HIGH] CWE-122 icu: heap overflow via incorrect isolateCount
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text.
Package: icu (Red Hat Directory Server 8) - Will not fix
Package: icu (Red Hat Enterprise Linux 5) - Will not fix
Package: icu (Red Hat Enterprise Linux 6) - Will not fix
Package: icu (Red Hat Enterprise Linux 7) - Will not fix
Package: icu (Red Hat OpenShift Enterprise 2) - Will not fix
Debian
CVE-2014-8146: icu - The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectiona...
vendor_debian·2014·CVSS 7.5
CVE-2014-8146 [HIGH] CVE-2014-8146: icu - The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectiona...
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text.
Scope: local
bookworm: resolved (fixed in 52.1-9)
bullseye: resolved (fixed in 52.1-9)
forky: resolved (fixed in 52.1-9)
sid: resolved (fixed in 52.1-9)
trixie: resolved (fixed in 52.1-9)
Apple
CVE-2014-8146: OS X El Capitan v10.11
vendor_apple·CVSS 7.5
CVE-2014-8146 [HIGH] CVE-2014-8146: OS X El Capitan v10.11
Apple Security Update: About the security content of OS X El Capitan v10.11
Product: OS X El Capitan v10.11
CVE: CVE-2014-8146
Component: CVE-ID
Apple
CVE-2014-8146: iOS 9
vendor_apple·CVSS 7.5
CVE-2014-8146 [HIGH] CVE-2014-8146: iOS 9
Apple Security Update: About the security content of iOS 9
Product: iOS 9
CVE: CVE-2014-8146
Component: CVE-ID
Apple
CVE-2014-8146: iTunes 12.3
vendor_apple·CVSS 7.5
CVE-2014-8146 [HIGH] CVE-2014-8146: iTunes 12.3
Apple Security Update: About the security content of iTunes 12.3
Product: iTunes
Version: 12.3
CVE: CVE-2014-8146
Component: CVE-ID
Impact: Opening a media file may lead to arbitrary code execution
Description: A security issue existed in Microsoft Foundation Class's handling of library loading. This issue was addressed by updating to the latest version of the Microsoft Visual C++ Redistributable Package.
Apple
CVE-2014-8146: watchOS 2
vendor_apple·CVSS 7.5
CVE-2014-8146 [HIGH] CVE-2014-8146: watchOS 2
Apple Security Update: About the security content of watchOS 2
Product: watchOS 2
CVE: CVE-2014-8146
Component: CVE-ID
GHSA
GHSA-5v3f-x3cw-9pfr: The resolveImplicitLevels function in common/ubidi
ghsa_unreviewed·2022-05-14
CVE-2014-8146 [HIGH] CWE-119 GHSA-5v3f-x3cw-9pfr: The resolveImplicitLevels function in common/ubidi
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text.
OSV
CVE-2014-8146: The resolveImplicitLevels function in common/ubidi
osv·2015-05-25·CVSS 7.5
CVE-2014-8146 [HIGH] CVE-2014-8146: The resolveImplicitLevels function in common/ubidi
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text.
No detection rules found.
Bugzilla
ICU: heap overflow via incorrect isolateCount
bugzilla·2015-05-18·CVSS 7.5
CVE-2014-8146 [HIGH] ICU: heap overflow via incorrect isolateCount
An unspecified heap overflow flaw via incorrect isolateCount was fixed in Debian's ICU package:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784773
Discussion:
(In reply to Martin Prpic from comment #0)
> An unspecified heap overflow flaw via incorrect isolateCount was fixed in
> Debian's ICU package:
>
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784773
Should that be CVE-2014-8146?
---
Duplicate of bug 1176197 caused by typo in CVE id.
*** This bug has been marked as a duplicate of bug 1176197 ***
Bugzilla
ICU: integer overflow via incorrect state size
bugzilla·2015-05-18·CVSS 7.5
CVE-2014-8147 [HIGH] ICU: integer overflow via incorrect state size
An unspecified integer overflow via incorrect state size was fixed in Debian's ICU package:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784773
Discussion:
Hi Martin,
(In reply to Martin Prpic from comment #0)
> An unspecified integer overflow via incorrect state size was fixed in
> Debian's ICU package:
>
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784773
Should that be CVE-2014-8147? The bug subject in the Debian BTS referred to CVE-2015-8146 and CVE-2015-8147 but the assigned CVEs seem to be CVE-2014-8146 and CVE-2014-8147.
https://marc.info/?l=oss-security&m=143081399320763&w=2
Regards,
Salvatore
---
Exactly, these do look like CVE id typos (2014 vs. 2015). Can you get the Debian side cleaned-up?
---
Duplicate of b
Bugzilla
CVE-2014-8147 CVE-2014-8146 icu: various flaws [fedora-all]
bugzilla·2015-05-06·CVSS 7.5
CVE-2014-8147 [HIGH] CVE-2014-8147 CVE-2014-8146 icu: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
Bugzilla
CVE-2014-8146 icu: heap overflow via incorrect isolateCount
bugzilla·2014-12-19·CVSS 7.5
CVE-2014-8146 [HIGH] CVE-2014-8146 icu: heap overflow via incorrect isolateCount
A heap overflow was found in ICU's isolateCount which, under certain circumstances, is incremented too many times, resulting in several out of bounds writes.
Additional details:
https://raw.githubusercontent.com/pedrib/PoC/master/generic/i-c-u-fail.txt
Discussion:
Created icu tracking bugs for this issue:
Affects: fedora-all [bug 1218901]
---
Upstream commit:
http://bugs.icu-project.org/trac/changeset/37162
---
*** Bug 1222454 has been marked as a duplicate of this bug. ***
http://bugs.icu-project.org/trac/changeset/37162
http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
http://openwall.com/lists/oss-security/2015/05/05/6
http://seclists.org/fulldisclosure/2015/May/14
http://www.debian.org/security/2015/dsa-3323
http://www.kb.cert.org/vuls/id/602540
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://www.securityfocus.com/bid/74457
https://raw.githubusercontent.com/pedrib/PoC/master/generic/i-c-u-fail.txt
https://security.gentoo.org/glsa/201507-04
https://support.apple.com/HT205212
https://support.apple.com/HT205213
https://support.apple.com/HT205221
https://support.apple.com/HT205267
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html