Icu-Project International Components For Unicode vulnerabilities
21 known vulnerabilities affecting icu-project/international_components_for_unicode.
Total CVEs: 21
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 9, HIGH 9, MEDIUM 3
Vulnerabilities
Page 1 of 2
CVE-2020-10531 | HIGH | CVSS 8.8 | CWE-190 | ≤ 66.1 | 2020-03-12
An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.
nvd
CVE-2018-18928 | CRITICAL | CVSS 9.8 | CWE-190 | v63.1 | 2018-11-04
International Components for Unicode (ICU) for C/C++ 63.1 has an integer overflow in number::impl::DecimalQuantity::toScientificString() in i18n/number_decimalquantity.cpp.
nvd
CVE-2017-15396 | MEDIUM | CVSS 6.5 | CWE-119 | fixed in 60.2 | 2018-08-28
A stack buffer overflow in NumberingSystem in International Components for Unicode (ICU) for C/C++ before 60.2, as used in V8 in Google Chrome prior to 62.0.3202.75 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2017-15422 | MEDIUM | CVSS 6.5 | CWE-190 | fixed in 60.1 | 2018-08-28
Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
nvd
CVE-2017-17484 | CRITICAL | CVSS 9.8 | CWE-119 | ≤ 60.1 | 2017-12-10
The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted stri
nvd
CVE-2017-14952 | CRITICAL | CVSS 9.8 | CWE-415 | ≤ 59.1 | 2017-10-16
Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector entry clean up function call" issue.
nvd
CVE-2014-9654 | CRITICAL | CVSS 9.8 | fixed in 55.1 | 2017-04-24
The Regular Expressions package in International Components for Unicode (ICU) for C/C++ before 2014-12-03, as used in Google Chrome before 40.0.2214.91, calculates certain values without ensuring that they can be represented in a 24-bit field, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other i
nvd
CVE-2017-7868 | HIGH | CVSS 7.5 | CWE-787 | ≤ 58.2 | 2017-04-14
International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function.
nvd
CVE-2017-7867 | HIGH | CVSS 7.5 | CWE-787 | ≤ 58.2 | 2017-04-14
International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function.
nvd
CVE-2014-9911 | CRITICAL | CVSS 9.8 | CWE-119 | fixed in 54.1 | 2017-01-04
Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund.cpp in International Components for Unicode (ICU) before 54.1 for C/C++ allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted uloc_getDisplayName call.
nvd
CVE-2016-7415 | CRITICAL | CVSS 9.8 | CWE-119 | ≤ 57.1 | 2016-09-17
Stack-based buffer overflow in the Locale class in common/locid.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long locale string.
nvd
CVE-2016-6293 | CRITICAL | CVSS 9.8 | CWE-119 | ≤ 57.1 | 2016-07-25
The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ does not ensure that there is a '\0' character at the end of a certain temporary array, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call wi
nvd
CVE-2015-5922 | CRITICAL | CVSS 10.0 | fixed in 53.1 | 2015-10-09
Unspecified vulnerability in International Components for Unicode (ICU) before 53.1.0, as used in Apple OS X before 10.11 and watchOS before 2, has unknown impact and attack vectors.
nvd
CVE-2014-8147 | HIGH | CVSS 7.5 | PoC | CWE-189 | fixed in 55.1 | 2015-05-25
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly
nvd
CVE-2014-8146 | HIGH | CVSS 7.5 | PoC | CWE-119 | fixed in 55.1 | 2015-05-25
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary
nvd
CVE-2014-7926 | HIGH | CVSS 7.5 | CWE-17 | fixed in 55.1 | 2015-01-22
The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a zero-length quantifier.
nvd
CVE-2014-7923 | HIGH | CVSS 7.5 | CWE-17 | fixed in 55.1 | 2015-01-22
The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a look-behind expression.
nvd
CVE-2014-7940 | HIGH | CVSS 7.5 | CWE-399 | ≤ 52.1 | 2015-01-22
The collator implementation in i18n/ucol.cpp in International Components for Unicode (ICU) 52 through SVN revision 293126, as used in Google Chrome before 40.0.2214.91, does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted character sequence.
nvd
CVE-2011-4599 | HIGH | CVSS 7.5 | CWE-119 | fixed in 49.1 | 2012-06-21
Stack-based buffer overflow in the _canonicalize function in common/uloc.c in International Components for Unicode (ICU) before 49.1 allows remote attackers to execute arbitrary code via a crafted locale ID that is not properly handled during variant canonicalization.
nvd
CVE-2007-4771 | CRITICAL | CVSS 9.3 | CWE-399 | ≤ 3.8.1 | 2008-01-29
Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have unspecified other impact via a regular expression that writes a large amount of data to the backtracking
nvd