seeing is believing
Showing 1 - 6 of 6 RSS Feed

CVE-2007-4770

Status Candidate

Overview

libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka �), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames.

Related Files

Gentoo Linux Security Advisory 200805-16
Posted May 15, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200805-16 - Multiple vulnerabilities have been reported in OpenOffice.org, possibly allowing for user-assisted execution of arbitrary code. Versions less than 2.4.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2007-4770, CVE-2007-4771, CVE-2007-5745, CVE-2007-5746, CVE-2007-5747, CVE-2008-0320
MD5 | c5ac7f6c3461ccefbfb9d489ee5db5b6
SUSE-SA-2008-023.txt
Posted Apr 21, 2008
Site suse.com

SUSE Security Announcement - A large amount of vulnerabilities related to OpenOffice have been patched on SuSE.

tags | advisory, vulnerability
systems | linux, suse
advisories | CVE-2008-0320, CVE-2007-5747, CVE-2007-5746, CVE-2007-5745, CVE-2007-4771, CVE-2007-4770
MD5 | 4c5cfdda92016701c5e930c64821e6b0
Ubuntu Security Notice 591-1
Posted Mar 24, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 591-1 - Will Drewry discovered that libicu did not properly handle '\0' when processing regular expressions. If an application linked against libicu processed a crafted regular expression, an attacker could execute arbitrary code with privileges of the user invoking the program. Will Drewry discovered that libicu did not properly limit its backtracking stack size. If an application linked against libicu processed a crafted regular expression, an attacker could cause a denial of service via resource exhaustion.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2007-4770, CVE-2007-4771
MD5 | 709c3b4e0e8ffb4ab82d69a87f5b976e
Gentoo Linux Security Advisory 200803-20
Posted Mar 13, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200803-20 - Will Drewry (Google Security) reported a vulnerability in the regular expression engine when using back references to capture \0 characters (CVE-2007-4770). He also found that the backtracking stack size is not limited, possibly allowing for a heap-based buffer overflow (CVE-2007-4771). Versions less than 3.8.1-r1 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2007-4770, CVE-2007-4771
MD5 | eaf7de4e9d22e760b2e1a5d10e3173f9
Debian Linux Security Advisory 1511-1
Posted Mar 3, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1511-1 - libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames. A heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have unspecified other impact via a regular expression that writes a large amount of data to the backtracking stack.

tags | advisory, denial of service, overflow
systems | linux, debian
advisories | CVE-2007-4770, CVE-2007-4771
MD5 | 7a21892de68e8fbb86fad8249d0d85f3
Mandriva Linux Security Advisory 2008-026
Posted Jan 26, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Will Drewry reported multiple flaws in how libicu processed certain malformed regular expressions. If an application linked against libicu, such as OpenOffice.org, processed a carefully-crafted regular expression, it could potentially cause the execution of arbitrary code with the privileges of the user running the application.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2007-4770, CVE-2007-4771
MD5 | 480ce9401b03aa8a2e001186d385295d
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    23 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close