CVE-2017-15396 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Chrome

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

2.0%

top 16.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Icu-project International Components FOR Unicode Debian Linux +3 more

Timeline

PublishedAug 28

Latest updateMay 14

Description

A stack buffer overflow in NumberingSystem in International Components for Unicode (ICU) for C/C++ before 60.2, as used in V8 in Google Chrome prior to 62.0.3202.75 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

▶NVDgoogle/chrome< 62.0.3202.75

▶NVDicu-project/international_components< 60.2

▶NVDredhat/enterprise_linux_server6.0

▶NVDredhat/enterprise_linux_desktop6.0

▶NVDredhat/enterprise_linux_workstation6.0

Also affects: Debian Linux 10.0, 8.0, 9.0

🔴Vulnerability Details

GHSA

GHSA-mf8j-4w89-w4fp: A stack buffer overflow in NumberingSystem in International Components for Unicode (ICU) for C/C++ before 60↗2022-05-14

▶

CVEList

CVE-2017-15396: A stack buffer overflow in NumberingSystem in International Components for Unicode (ICU) for C/C++ before 60↗2018-08-28

▶

OSV

CVE-2017-15396: A stack buffer overflow in NumberingSystem in International Components for Unicode (ICU) for C/C++ before 60↗2018-08-28

▶

📋Vendor Advisories

Red Hat

chromium-browser: stack overflow in v8↗2017-10-26

▶

💬Community

Bugzilla

CVE-2017-15396, CVE-2017-15406 chromium-browser: stack overflow in v8↗2017-10-27

▶

Bugzilla

CVE-2017-15396 chromium: chromium-browser: stack overflow in v8 [fedora-all]↗2017-10-27

▶