ID CVE-2017-14952
Summary Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector entry clean up function call" issue.
References
Vulnerable Configurations
  • cpe:2.3:a:icu-project:international_components_for_unicode:1.4:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:1.4:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:1.4.1:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:1.4.1:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:1.4.1.1:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:1.4.1.1:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:1.4.1.2:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:1.4.1.2:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:1.4.2:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:1.4.2:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:1.5:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:1.5:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:1.6:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:1.6:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:1.7:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:1.7:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:1.8:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:1.8:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:1.8.1:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:1.8.1:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:2.0:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:2.0:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:2.0.1:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:2.0.1:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:2.0.2:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:2.0.2:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:2.1:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:2.1:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:2.2:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:2.2:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:2.4:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:2.4:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:2.6:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:2.6:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:2.6.1:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:2.6.1:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:2.6.2:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:2.6.2:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:2.8:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:2.8:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:3.0:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:3.0:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:3.2:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:3.2:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:3.2.1:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:3.2.1:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:3.4:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:3.4:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:3.4.1:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:3.4.1:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:3.6:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:3.6:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:3.8:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:3.8:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:3.8.1:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:3.8.1:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:4.0:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:4.0:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:4.0.1:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:4.0.1:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:4.2:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:4.2:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:4.2.0.1:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:4.2.0.1:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:4.4.1:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:4.4.1:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:4.4.2:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:4.4.2:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:4.4.2.1:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:4.4.2.1:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:4.6:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:4.6:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:4.6.1:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:4.6.1:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:4.8:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:4.8:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:4.8.1:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:4.8.1:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:4.8.1.1:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:4.8.1.1:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:49.1:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:49.1:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:49.1.1:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:49.1.1:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:49.1.2:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:49.1.2:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:50.1:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:50.1:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:50.1.1:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:50.1.1:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:50.1.2:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:50.1.2:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:50.1.2:rc:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:50.1.2:rc:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:50.2:rc:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:50.2:rc:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:51.1:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:51.1:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:51.2:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:51.2:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:51.2:rc:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:51.2:rc:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:51.3:rc:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:51.3:rc:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:52.1:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:52.1:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:52.1:rc:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:52.1:rc:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:52.1.1:rc:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:52.1.1:rc:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:52.2:rc:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:52.2:rc:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:53.1:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:53.1:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:53.1:rc:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:53.1:rc:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:53.2:rc:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:53.2:rc:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:54.1:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:54.1:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:54.1:rc:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:54.1:rc:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:54.1.1:rc:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:54.1.1:rc:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:54.2:rc:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:54.2:rc:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:55.1:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:55.1:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:55.1:rc:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:55.1:rc:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:55.2:rc:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:55.2:rc:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:56.1:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:56.1:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:56.1:rc:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:56.1:rc:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:56.2:rc:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:56.2:rc:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:57.1:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:57.1:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:57.1:rc:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:57.1:rc:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:57.2:rc:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:57.2:rc:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:58.1:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:58.1:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:58.1:rc:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:58.1:rc:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:58.2:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:58.2:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:58.2:rc:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:58.2:rc:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:58.3:rc:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:58.3:rc:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:59:rc:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:59:rc:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:59.1:*:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:59.1:*:*:*:*:c\/c\+\+:*:*
  • cpe:2.3:a:icu-project:international_components_for_unicode:59.1:rc:*:*:*:c\/c\+\+:*:*
    cpe:2.3:a:icu-project:international_components_for_unicode:59.1:rc:*:*:*:c\/c\+\+:*:*
CVSS
Base: 7.5 (as of 23-04-2019 - 19:29)
Impact:
Exploitability:
CWE CWE-415
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
confirm http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp
misc
Last major update 23-04-2019 - 19:29
Published 16-10-2017 - 16:29
Last modified 23-04-2019 - 19:29
Back to Top