CVE-2017-15422 — Integer Overflow or Wraparound in Google Chrome

CWE-190 — Integer Overflow or Wraparound17 documents9 sources

Severity

6.5MEDIUMNVD

EPSS

2.6%

top 14.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Icu-project International Components FOR Unicode Canonical Ubuntu Linux +4 more

Timeline

PublishedAug 28

Latest updateMay 14

Description

Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

▶NVDicu-project/international_components< 60.1

▶NVDgoogle/chrome< 63.0.3239.84

▶NVDredhat/enterprise_linux_server6.0

▶NVDredhat/enterprise_linux_desktop6.0

▶NVDredhat/enterprise_linux_workstation6.0

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.10

🔴Vulnerability Details

GHSA

GHSA-m4p7-r6qr-35pv: Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60↗2022-05-14

▶

CVEList

CVE-2017-15422: Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60↗2018-08-28

▶

OSV

CVE-2017-15422: Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60↗2018-08-28

▶

📋Vendor Advisories

Ubuntu

ICU vulnerability↗2018-03-28

▶

Red Hat

chromium-browser: integer overflow in icu↗2017-12-06

▶

Apple

CVE-2017-15422: macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan↗2017-12-06

▶

Apple

CVE-2017-15422: iTunes 12.7.2 for Windows↗2017-12-06

▶

Debian

CVE-2017-15422: icu - Integer overflow in international date handling in International Components for ...↗2017

▶

💬Community

Bugzilla

Backport CVE-2017-15422 to ESR52↗2018-03-29

▶

Bugzilla

CVE-2017-15422 mingw-icu: chromium-browser: integer overflow in icu [epel-7]↗2017-12-18

▶

Bugzilla

CVE-2017-15422 mingw-icu: chromium-browser: integer overflow in icu [fedora-all]↗2017-12-18

▶

Bugzilla

CVE-2017-15422 mingw-icu: chromium-browser: integer overflow in icu [fedora-all]↗2017-12-18

▶

Bugzilla

CVE-2017-15422 icu: chromium-browser: integer overflow in icu [fedora-all]↗2017-12-18

▶