1. CVE-Search
  2. CVE-2007-4771
ID CVE-2007-4771
Summary Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have unspecified other impact via a regular expression that writes a large amount of data to the backtracking stack. NOTE: some of these details are obtained from third party information.
References
Vulnerable Configurations
  • cpe:2.3:a:icu-project:international_components_for_unicode:1.4:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:1.4:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:1.4.1:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:1.4.1:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:1.4.1.1:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:1.4.1.1:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:1.4.1.2:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:1.4.1.2:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:1.4.2:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:1.4.2:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:1.5:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:1.5:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:1.6:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:1.6:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:1.7:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:1.7:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:1.8:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:1.8:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:1.8.1:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:1.8.1:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:2.0:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:2.0:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:2.0.1:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:2.0.1:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:2.0.2:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:2.0.2:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:2.1:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:2.1:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:2.2:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:2.2:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:2.4:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:2.4:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:2.6:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:2.6:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:2.6.1:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:2.6.1:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:2.6.2:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:2.6.2:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:2.8:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:2.8:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:3.0:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:3.0:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:3.2:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:3.2:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:3.2.1:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:3.2.1:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:3.4:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:3.4:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:3.4.1:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:3.4.1:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:3.6:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:3.6:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:3.8:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:3.8:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:3.8.1:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:3.8.1:*:*:*:*:c\/c\+\+:*:*
CVSS
Base: 9.3 (as of 15-10-2018 - 21:37)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
  • accepted 2013-04-29T04:06:15.013-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have unspecified other impact via a regular expression that writes a large amount of data to the backtracking stack. NOTE: some of these details are obtained from third party information.
    family unix
    id oval:org.mitre.oval:def:10507
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have unspecified other impact via a regular expression that writes a large amount of data to the backtracking stack. NOTE: some of these details are obtained from third party information.
    version 18
  • accepted 2008-04-21T04:00:22.018-04:00
    class vulnerability
    contributors
    name Pai Peng
    organization Hewlett-Packard
    definition_extensions
    • comment Solaris 9 (SPARC) is installed
      oval oval:org.mitre.oval:def:1457
    • comment Solaris 10 (SPARC) is installed
      oval oval:org.mitre.oval:def:1440
    • comment Solaris 9 (x86) is installed
      oval oval:org.mitre.oval:def:1683
    • comment Solaris 10 (x86) is installed
      oval oval:org.mitre.oval:def:1926
    description Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have unspecified other impact via a regular expression that writes a large amount of data to the backtracking stack. NOTE: some of these details are obtained from third party information.
    family unix
    id oval:org.mitre.oval:def:5431
    status accepted
    submitted 2008-03-11T10:54:48.000-04:00
    title Multiple Security Vulnerabilities in ICU 3.2 Library Regular Expression Processing May Cause a Denial of Service (DoS)
    version 35
redhat via4
advisories
bugzilla
id 429025
title CVE-2007-4771 libicu incomplete interval handling
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • comment icu is earlier than 0:3.6-5.11.1
          oval oval:com.redhat.rhsa:tst:20080090001
        • comment icu is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080090002
      • AND
        • comment libicu is earlier than 0:3.6-5.11.1
          oval oval:com.redhat.rhsa:tst:20080090003
        • comment libicu is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080090004
      • AND
        • comment libicu-devel is earlier than 0:3.6-5.11.1
          oval oval:com.redhat.rhsa:tst:20080090005
        • comment libicu-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080090006
      • AND
        • comment libicu-doc is earlier than 0:3.6-5.11.1
          oval oval:com.redhat.rhsa:tst:20080090007
        • comment libicu-doc is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080090008
rhsa
id RHSA-2008:0090
released 2008-01-25
severity Important
title RHSA-2008:0090: icu security update (Important)
rpms
  • icu-0:3.6-5.11.1
  • icu-debuginfo-0:3.6-5.11.1
  • libicu-0:3.6-5.11.1
  • libicu-devel-0:3.6-5.11.1
  • libicu-doc-0:3.6-5.11.1
refmap via4
bid 27455
bugtraq 20080206 rPSA-2008-0043-1 icu
confirm
debian DSA-1511
fedora
  • FEDORA-2008-1036
  • FEDORA-2008-1076
gentoo
  • GLSA-200803-20
  • GLSA-200805-16
mandriva MDVSA-2008:026
mlist [icu-support] 20080122 ICU Patch for bugs in Regular Expressions
sectrack 1019269
secunia
  • 28575
  • 28615
  • 28669
  • 28783
  • 29194
  • 29242
  • 29291
  • 29294
  • 29333
  • 29852
  • 29910
  • 29987
  • 30179
sunalert
  • 231641
  • 233922
suse
  • SUSE-SA:2008:023
  • SUSE-SR:2008:005
ubuntu USN-591-1
vupen
  • ADV-2008-0282
  • ADV-2008-0807
  • ADV-2008-1375
xf libicu-dointerval-bo(39936)
Last major update 15-10-2018 - 21:37
Published 29-01-2008 - 00:00
Last modified 15-10-2018 - 21:37
Back to Top