exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2007-4771

Status Candidate

Overview

Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have unspecified other impact via a regular expression that writes a large amount of data to the backtracking stack. NOTE: some of these details are obtained from third party information.

Related Files

Gentoo Linux Security Advisory 200805-16
Posted May 15, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200805-16 - Multiple vulnerabilities have been reported in OpenOffice.org, possibly allowing for user-assisted execution of arbitrary code. Versions less than 2.4.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2007-4770, CVE-2007-4771, CVE-2007-5745, CVE-2007-5746, CVE-2007-5747, CVE-2008-0320
SHA-256 | 82c6a43132ca6c9ca557f4f425c4fd77217a2daa4bbf5b388fdaff52633460b9
SUSE-SA-2008-023.txt
Posted Apr 21, 2008
Site suse.com

SUSE Security Announcement - A large amount of vulnerabilities related to OpenOffice have been patched on SuSE.

tags | advisory, vulnerability
systems | linux, suse
advisories | CVE-2008-0320, CVE-2007-5747, CVE-2007-5746, CVE-2007-5745, CVE-2007-4771, CVE-2007-4770
SHA-256 | 844f9feac6e7fecf046f967e47d04ca672e92a3da3619753c28a416cc530a21c
Ubuntu Security Notice 591-1
Posted Mar 24, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 591-1 - Will Drewry discovered that libicu did not properly handle '\0' when processing regular expressions. If an application linked against libicu processed a crafted regular expression, an attacker could execute arbitrary code with privileges of the user invoking the program. Will Drewry discovered that libicu did not properly limit its backtracking stack size. If an application linked against libicu processed a crafted regular expression, an attacker could cause a denial of service via resource exhaustion.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2007-4770, CVE-2007-4771
SHA-256 | 43ef2719613b8d5bf9eea3846c82191bc3d3dec5515dd68f8bb516d313dad394
Gentoo Linux Security Advisory 200803-20
Posted Mar 13, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200803-20 - Will Drewry (Google Security) reported a vulnerability in the regular expression engine when using back references to capture \0 characters (CVE-2007-4770). He also found that the backtracking stack size is not limited, possibly allowing for a heap-based buffer overflow (CVE-2007-4771). Versions less than 3.8.1-r1 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2007-4770, CVE-2007-4771
SHA-256 | f981efd5f730cb09f5be1a034695e4cb9c063e51327d95b36499e0704ff91262
Debian Linux Security Advisory 1511-1
Posted Mar 3, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1511-1 - libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames. A heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have unspecified other impact via a regular expression that writes a large amount of data to the backtracking stack.

tags | advisory, denial of service, overflow
systems | linux, debian
advisories | CVE-2007-4770, CVE-2007-4771
SHA-256 | 140c09e90595d14615d4bf880f781588fb7701045a1ed81c3c493c98a2ec1c87
Mandriva Linux Security Advisory 2008-026
Posted Jan 26, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Will Drewry reported multiple flaws in how libicu processed certain malformed regular expressions. If an application linked against libicu, such as OpenOffice.org, processed a carefully-crafted regular expression, it could potentially cause the execution of arbitrary code with the privileges of the user running the application.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2007-4770, CVE-2007-4771
SHA-256 | a999038e1e8e36b24fcc7d2f55e5e1d342de60b514b62e574149b8f7caa40f7a
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close