CVE-2014-8146
published 2015-05-25


Priority: P265 high
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 24.47% (97.6th percentile)
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text.

Affected

10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_9 | | |
| apple | iphone_os | <= 8.2 | |
| apple | itunes | <= 12.1.3 | |
| apple | itunes | | |
| apple | mac_os_x | <= 10.10.4 | |
| apple | os_x_el_capitan_v10.11 | | |
| apple | watchos | <= 1.0.1 | |
| apple | watchos_2 | | |
| debian | icu | < icu 52.1-9 (bookworm) | icu 52.1-9 (bookworm) |
| icu-project | international_components_for_unicode | < 55.1 | 55.1 |

Detection & IOCs (extracted from sources)

url: https://github.com/pedrib/PoC/raw/master/generic/i-c-u-fail.7z
url: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/43887.zip
path: common/ubidi.c
  • Monitor for heap-based buffer overflow triggered in the resolveImplicitLevels function within common/ubidi.c of the ICU library, specifically when isolateCount is incremented out of bounds due to improperly tracked directionally isolated text (LRI/RLI dirProps).
  • Flag applications using ICU versions 52 through 54 (ICU4C before 55.1) processing externally-supplied Unicode bidirectional text, as all releases in that range are vulnerable to this heap overflow.
  • Look for out-of-bounds writes to pBiDi->isolates[] array members (stateImp, state, start1) when processing crafted bidirectional text containing LRI or RLI directional isolate characters.
  • The vulnerability is reachable remotely via crafted text processed by any application embedding ICU (e.g., LibreOffice); monitor crash telemetry or heap corruption signals in such applications when handling untrusted Unicode content.
  • Exploitability is uncertain; at time of disclosure it was unknown whether these vulnerabilities are reliably exploitable beyond denial of service.
  • Red Hat has marked all affected packages (RHEL 5, 6, 7, Red Hat Directory Server 8, OpenShift Enterprise 2) as 'Will not fix', meaning patched ICU packages will not be provided for those platforms.

CVSS provenance

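| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | HIGH | |
| vendor_redhat | | 7.5 | HIGH | |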