CVE-2014-9911Improper Restriction of Operations within the Bounds of a Memory Buffer in International Components FOR Unicode

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-121Stack-based Buffer Overflow9 documents8 sources
Severity
9.8CRITICALNVD
EPSS
1.8%
top 17.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Icu-project International Components FOR Unicode
Timeline
PublishedJan 4
Latest updateMay 14

Description

Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund.cpp in International Components for Unicode (ICU) before 54.1 for C/C++ allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted uloc_getDisplayName call.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

Patches

Patch: bugs.icu-project.orgPatch: bugs.php.netPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-968j-j287-m7jc: Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund2022-05-14
OSV
CVE-2014-9911: Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund2017-01-04
CVEList
CVE-2014-9911: Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund2017-01-04

📋Vendor Advisories

3
Ubuntu
ICU vulnerabilities2017-03-13
Red Hat
icu: stack-based buffer overflow in uloc_getDisplayName2016-11-22
Debian
CVE-2014-9911: icu - Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/...2014

💬Community

2
Bugzilla
CVE-2014-9912 php: stack buffer overflow in locale_get_display_name2016-11-29
Bugzilla
CVE-2014-9911 icu: stack-based buffer overflow in uloc_getDisplayName2016-10-11
CVE-2014-9911 — CRITICAL severity | cvebase