ID CVE-2007-4770
Summary libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames.
References
Vulnerable Configurations
  • ICU Project International Components for Unicode for C/C++ 3.8.1
    cpe:2.3:a:icu-project:international_components_for_unicode:3.8.1:-:-:-:-:c%2fc%2b%2b
CVSS
Base: 6.8 (as of 29-01-2008 - 12:02)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200803-20.NASL
    description The remote host is affected by the vulnerability described in GLSA-200803-20 (International Components for Unicode: Multiple vulnerabilities) Will Drewry (Google Security) reported a vulnerability in the regular expression engine when using back references to capture \0 characters (CVE-2007-4770). He also found that the backtracking stack size is not limited, possibly allowing for a heap-based buffer overflow (CVE-2007-4771). Impact : A remote attacker could submit specially crafted regular expressions to an application using the library, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application or a Denial of Service. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 31446
    published 2008-03-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31446
    title GLSA-200803-20 : International Components for Unicode: Multiple vulnerabilities
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200805-16.NASL
    description The remote host is affected by the vulnerability described in GLSA-200805-16 (OpenOffice.org: Multiple vulnerabilities) iDefense Labs reported multiple vulnerabilities in OpenOffice.org: multiple heap-based buffer overflows when parsing the 'Attribute' and 'Font' Description records of Quattro Pro (QPRO) files (CVE-2007-5745), an integer overflow when parsing the EMR_STRETCHBLT record of an EMF file, resulting in a heap-based buffer overflow (CVE-2007-5746), an integer underflow when parsing Quattro Pro (QPRO) files, resulting in an excessive loop and a stack-based buffer overflow (CVE-2007-5747), and a heap-based buffer overflow when parsing the 'DocumentSummaryInformation' stream in an OLE file (CVE-2008-0320). Furthermore, Will Drewry (Google Security) reported vulnerabilities in the memory management of the International Components for Unicode (CVE-2007-4770, CVE-2007-4771), which was resolved with GLSA 200803-20. However, the binary version of OpenOffice.org uses an internal copy of said library. Impact : A remote attacker could entice a user to open a specially crafted document, possibly resulting in the remote execution of arbitrary code with the privileges of the user running OpenOffice.org. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 32353
    published 2008-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32353
    title GLSA-200805-16 : OpenOffice.org: Multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_ICU-5014.NASL
    description Certain regular expressions could crash the ICU library. (CVE-2007-4770 / CVE-2007-4771)
    last seen 2018-09-01
    modified 2012-05-17
    plugin id 31400
    published 2008-03-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31400
    title SuSE 10 Security Update : icu (ZYPP Patch Number 5014)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_ICU-5013.NASL
    description Certain regular expressions could crash the ICU library (CVE-2007-4770, CVE-2007-4771).
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 31399
    published 2008-03-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31399
    title openSUSE 10 Security Update : icu (icu-5013)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0090.NASL
    description Updated icu packages that fix two security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The International Components for Unicode (ICU) library provides robust and full-featured Unicode services. Will Drewry reported multiple flaws in the way libicu processed certain malformed regular expressions. If an application linked against ICU, such as OpenOffice.org, processed a carefully crafted regular expression, it may be possible to execute arbitrary code as the user running the application. (CVE-2007-4770, CVE-2007-4771) All users of icu should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 30091
    published 2008-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=30091
    title RHEL 5 : icu (RHSA-2008:0090)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0090.NASL
    description Updated icu packages that fix two security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The International Components for Unicode (ICU) library provides robust and full-featured Unicode services. Will Drewry reported multiple flaws in the way libicu processed certain malformed regular expressions. If an application linked against ICU, such as OpenOffice.org, processed a carefully crafted regular expression, it may be possible to execute arbitrary code as the user running the application. (CVE-2007-4770, CVE-2007-4771) All users of icu should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 43673
    published 2010-01-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43673
    title CentOS 5 : icu (CESA-2008:0090)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0090.NASL
    description From Red Hat Security Advisory 2008:0090 : Updated icu packages that fix two security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The International Components for Unicode (ICU) library provides robust and full-featured Unicode services. Will Drewry reported multiple flaws in the way libicu processed certain malformed regular expressions. If an application linked against ICU, such as OpenOffice.org, processed a carefully crafted regular expression, it may be possible to execute arbitrary code as the user running the application. (CVE-2007-4770, CVE-2007-4771) All users of icu should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67646
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67646
    title Oracle Linux 5 : icu (ELSA-2008-0090)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2008-026.NASL
    description Will Drewry reported multiple flaws in how libicu processed certain malformed regular expressions. If an application linked against libicu, such as OpenOffice.org, processed a carefully-crafted regular expression, it could potentially cause the execution of arbitrary code with the privileges of the user running the application. The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 37215
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37215
    title Mandriva Linux Security Advisory : icu (MDVSA-2008:026)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20080125_ICU_ON_SL5_X.NASL
    description Will Drewry reported multiple flaws in the way libicu processed certain malformed regular expressions. If an application linked against ICU, such as OpenOffice.org, processed a carefully crafted regular expression, it may be possible to execute arbitrary code as the user running the application. (CVE-2007-4770, CVE-2007-4771)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60352
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60352
    title Scientific Linux Security Update : icu on SL5.x i386/x86_64
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-591-1.NASL
    description Will Drewry discovered that libicu did not properly handle '\0' when processing regular expressions. If an application linked against libicu processed a crafted regular expression, an attacker could execute arbitrary code with privileges of the user invoking the program. (CVE-2007-4770) Will Drewry discovered that libicu did not properly limit its backtracking stack size. If an application linked against libicu processed a crafted regular expression, an attacker could cause a denial of service via resource exhaustion. (CVE-2007-4771). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 31678
    published 2008-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31678
    title Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : icu vulnerabilities (USN-591-1)
  • NASL family Windows
    NASL id OPENOFFICE_240.NASL
    description The version of Sun Microsystems OpenOffice.org installed on the remote host is affected by several issues : - Heap overflow and arbitrary code execution vulnerabilities involving ODF text documents with XForms (CVE-2007-4770/4771). - Heap overflow and arbitrary code execution vulnerabilities involving Quattro Pro files (CVE-2007-5745/5747). - Heap overflow and arbitrary code execution vulnerabilities involving EMF files (CVE-2007-5746). - Heap overflow and arbitrary code execution vulnerabilities involving OLE files (CVE-2008-0320).
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 31968
    published 2008-04-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31968
    title Sun OpenOffice.org < 2.4 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_OPENOFFICE_ORG-5053.NASL
    description This update of OpenOffice fixes various critical security vulnerabilities - heap-overflow when parsing PPT files (CVE-2008-0320) - various buffer-overflows while parsing QPRO files (CVE-2007-5745, CVE-2007-5747) - out-of-bound memory access and a heap-overflow in the regex engine of libICU (CVE-2007-4770,CVE-2007-4771)
    last seen 2019-02-21
    modified 2018-01-11
    plugin id 32023
    published 2008-04-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32023
    title openSUSE 10 Security Update : OpenOffice_org (OpenOffice_org-5053)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-1036.NASL
    description CVE-2007-4770 & CVE-2007-4771 Flaws in icu regexp handling. Technical details can be found at http://sourceforge.net/mailarchive/message.php?msg_name=d03a2ffb0801221538x68825e42xb4a4aaf0fcccecbd%2540mail.gmail.com Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-24
    plugin id 30086
    published 2008-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=30086
    title Fedora 8 : icu-3.8-5.fc8 (2008-1036)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-1076.NASL
    description CVE-2007-4770 & CVE-2007-4771 Flaws in icu regexp handling. Technical details can be found at http://sourceforge.net/mailarchive/message.php?msg_name=d03a2ffb0801221538x68825e42xb4a4aaf0fcccecbd%2540mail.gmail.com Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-24
    plugin id 30087
    published 2008-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=30087
    title Fedora 7 : icu-3.6-20.fc7 (2008-1076)
oval via4
  • accepted 2013-04-29T04:12:03.133-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames.
    family unix
    id oval:org.mitre.oval:def:11172
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames.
    version 18
  • accepted 2008-04-21T04:00:22.668-04:00
    class vulnerability
    contributors
    • name Pai Peng
      organization Hewlett-Packard
    definition_extensions
    • comment Solaris 9 (SPARC) is installed
      oval oval:org.mitre.oval:def:1457
    • comment Solaris 10 (SPARC) is installed
      oval oval:org.mitre.oval:def:1440
    • comment Solaris 9 (x86) is installed
      oval oval:org.mitre.oval:def:1683
    • comment Solaris 10 (x86) is installed
      oval oval:org.mitre.oval:def:1926
    description libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames.
    family unix
    id oval:org.mitre.oval:def:5507
    status accepted
    submitted 2008-03-11T10:54:47.000-04:00
    title Multiple Security Vulnerabilities in ICU 3.2 Library Regular Expression Processing May Cause a Denial of Service (DoS)
    version 31
redhat via4
advisories
rhsa
id RHSA-2008:0090
rpms
  • icu-0:3.6-5.11.1
  • libicu-0:3.6-5.11.1
  • libicu-devel-0:3.6-5.11.1
  • libicu-doc-0:3.6-5.11.1
refmap via4
bid 27455
bugtraq 20080206 rPSA-2008-0043-1 icu
confirm
debian DSA-1511
fedora
  • FEDORA-2008-1036
  • FEDORA-2008-1076
gentoo
  • GLSA-200803-20
  • GLSA-200805-16
mandriva MDVSA-2008:026
mlist [icu-support] 20080122 ICU Patch for bugs in Regular Expressions
sectrack 1019269
secunia
  • 28575
  • 28615
  • 28669
  • 28783
  • 29194
  • 29242
  • 29291
  • 29294
  • 29333
  • 29852
  • 29910
  • 29987
  • 30179
sunalert
  • 231641
  • 233922
suse
  • SUSE-SA:2008:023
  • SUSE-SR:2008:005
ubuntu USN-591-1
vupen
  • ADV-2008-0282
  • ADV-2008-0807
  • ADV-2008-1375
xf libicu-restackframes-dos(39938)
Last major update 07-03-2011 - 21:59
Published 28-01-2008 - 19:00
Last modified 15-10-2018 - 17:37