CVE-2014-9911
published 2017-01-04
CVE-2014-9911: Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund.cpp in International Components for Unicode (ICU) before 54.1 for…
Priority P344 · critical · 9.8 · CVSS 3.0
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 5.46% (91.7th percentile)
Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund.cpp in International Components for Unicode (ICU) before 54.1 for C/C++ allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted uloc_getDisplayName call.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | icu | < icu 55.1-3 (bookworm) | icu 55.1-3 (bookworm) |
| icu-project | international_components_for_unicode | < 54.1 | 54.1 |
CVSS provenance
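| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 9.8 | CRITICAL | |
| vendor_debian | | 9.8 | CRITICAL | |
| vendor_redhat | | 9.8 | CRITICAL | |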
GHSA
GHSA-968j-j287-m7jc: Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund
ghsa_unreviewed·2022-05-14
CVE-2014-9911 [CRITICAL] CWE-119 GHSA-968j-j287-m7jc: Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund
OSV
CVE-2014-9911: Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund
osv·2017-01-04·CVSS 9.8
CVE-2014-9911 [CRITICAL] CVE-2014-9911: Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund
Ubuntu
ICU vulnerabilities
vendor_ubuntu·2017-03-13
CVE-2014-9911 ICU vulnerabilities
Title: ICU vulnerabilities
Summary: Several security issues were fixed in ICU.
It was discovered that ICU incorrectly handled certain memory operations
when processing data. If an application using ICU processed crafted data,
a remote attacker could possibly cause it to crash or potentially execute
arbitrary code with the privileges of the user invoking the program.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
icu: stack-based buffer overflow in uloc_getDisplayName
vendor_redhat·2016-11-22·CVSS 9.8
CVE-2014-9911 [CRITICAL] CWE-121 icu: stack-based buffer overflow in uloc_getDisplayName
Package: icu (Red Hat Directory Server 8) - Will not fix
Package: icu (Red Hat Enterprise Linux 5) - Will not fix
Package: icu (Red Hat Enterprise Linux 6) - Will not fix
Package: icu (Red Hat Enterprise Linux 7) - Will not fix
Package: icu (Red Hat OpenShift Enterprise 2) - Will not fix
Debian
CVE-2014-9911: icu - Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/...
vendor_debian·2014·CVSS 9.8
CVE-2014-9911 [CRITICAL] CVE-2014-9911: icu - Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/...
Scope: local
bookworm: resolved (fixed in 55.1-3)
bullseye: resolved (fixed in 55.1-3)
forky: resolved (fixed in 55.1-3)
sid: resolved (fixed in 55.1-3)
trixie: resolved (fixed in 55.1-3)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2014-9912 php: stack buffer overflow in locale_get_display_name
bugzilla·2016-11-29·CVSS 9.8
CVE-2014-9912 [CRITICAL] CVE-2014-9912 php: stack buffer overflow in locale_get_display_name
A string of more than 255 characters passed to locale_get_display_name (in the php-intl package) will cause a stack buffer overflow in the ICU library.
Upstream issue:
https://bugs.php.net/bug.php?id=67397
Upstream patch:
https://bugs.php.net/patch-display.php?bug_id=67397&patch=bug67397-patch&revision=latest
CVE assignment:
https://seclists.org/oss-sec/2016-q4/525
Note that this patch is actually a workaround for CVE-2014-9911 in icu.
Bugzilla
CVE-2014-9911 icu: stack-based buffer overflow in uloc_getDisplayName
bugzilla·2016-10-11·CVSS 9.8
CVE-2014-9911 [CRITICAL] CVE-2014-9911 icu: stack-based buffer overflow in uloc_getDisplayName
A locale string of more than 255 characters passed to uloc_getDisplayName() could overflow a buffer on the stack, leading to a crash or, potentially, code execution.
Upstream patch:
http://bugs.icu-project.org/trac/changeset/35699
Upstream issue (private as at 2016-10-11):
http://bugs.icu-project.org/trac/ticket/10891
Discussion:
PHP bug (already fixed in bug 1065838):
https://bugs.php.net/bug.php?id=67397
Related ICU bug:
http://bugs.icu-project.org/trac/ticket/11936
---
Created mingw-icu tracking bugs for this issue:
Affects: fedora-all [bug 1397625]
Affects: epel-7 [bug 1397626]
---
The affected function has only one buffer on the stack, and it is overflowed at the end by copying a null-terminated string w
Bugzilla
CVE-2016-6294 php: Out-of-bounds access in locale_accept_from_http
bugzilla·2016-07-25·CVSS 9.8
CVE-2016-6294 [CRITICAL] CVE-2016-6294 php: Out-of-bounds access in locale_accept_from_http
When uloc_acceptLanguageFromHTTP is called with the size of the parameter "httpAcceptLanguage" equal to or greater than ULOC_FULLNAME_CAPACITY + 1, the local variable "tmp" might be left unterminated. uloc_acceptLanguageFromHTTP doesn't check the status result after the call to uloc_canonicalize. This might cause a stack data leak.
PHP bug:
https://bugs.php.net/bug.php?id=72533
PHP fix:
http://git.php.net/?p=php-src.git;a=commit;h=aa82e99ed8003c01f1ef4f0940e56b85c5b032d4
CVE assignment:
http://seclists.org/oss-sec/2016/q3/137
Discussion:
Created php tracking bugs for this issue:
Affects: fedora-all [bug 1359837]
---
This issue has been addressed in the following products:
Red Hat Software Collections for Red Hat Enterprise Linux 6
Red Hat S
http://bugs.icu-project.org/trac/changeset/35699
http://bugs.icu-project.org/trac/ticket/1089
http://www.openwall.com/lists/oss-security/2016/11/25/1
http://www.securityfocus.com/bid/94520
http://www.securitytracker.com/id/1037556
https://bugs.php.net/bug.php?id=67397
https://bugzilla.redhat.com/show_bug.cgi?id=1383569
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
2017-01-04
Published