CVE - CVE-2007-4771

CVE-ID
CVE-2007-4771	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have unspecified other impact via a regular expression that writes a large amount of data to the backtracking stack. NOTE: some of these details are obtained from third party information.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20080206 rPSA-2008-0043-1 icu URL:http://www.securityfocus.com/archive/1/487677/100/0/threaded MLIST:[icu-support] 20080122 ICU Patch for bugs in Regular Expressions URL:http://sourceforge.net/mailarchive/message.php?msg_name=d03a2ffb0801221538x68825e42xb4a4aaf0fcccecbd%40mail.gmail.com CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=429025 CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0043 CONFIRM:https://issues.rpath.com/browse/RPL-2199 CONFIRM:http://www.openoffice.org/security/cves/CVE-2007-4770.html CONFIRM:http://www.openoffice.org/security/cves/CVE-2007-5745.html DEBIAN:DSA-1511 URL:http://www.debian.org/security/2008/dsa-1511 FEDORA:FEDORA-2008-1036 URL:https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00896.html FEDORA:FEDORA-2008-1076 URL:https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00921.html GENTOO:GLSA-200803-20 URL:http://security.gentoo.org/glsa/glsa-200803-20.xml GENTOO:GLSA-200805-16 URL:http://security.gentoo.org/glsa/glsa-200805-16.xml MANDRIVA:MDVSA-2008:026 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:026 REDHAT:RHSA-2008:0090 URL:http://rhn.redhat.com/errata/RHSA-2008-0090.html SUNALERT:233922 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-233922-1 SUNALERT:231641 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-231641-1 SUSE:SUSE-SR:2008:005 URL:http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html SUSE:SUSE-SA:2008:023 URL:http://www.novell.com/linux/security/advisories/2008_23_openoffice.html UBUNTU:USN-591-1 URL:http://www.ubuntu.com/usn/usn-591-1 BID:27455 URL:http://www.securityfocus.com/bid/27455 OVAL:oval:org.mitre.oval:def:10507 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10507 VUPEN:ADV-2008-0282 URL:http://www.vupen.com/english/advisories/2008/0282 VUPEN:ADV-2008-0807 URL:http://www.vupen.com/english/advisories/2008/0807/references VUPEN:ADV-2008-1375 URL:http://www.vupen.com/english/advisories/2008/1375/references OVAL:oval:org.mitre.oval:def:5431 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5431 SECTRACK:1019269 URL:http://securitytracker.com/id?1019269 SECUNIA:28575 URL:http://secunia.com/advisories/28575 SECUNIA:28615 URL:http://secunia.com/advisories/28615 SECUNIA:28669 URL:http://secunia.com/advisories/28669 SECUNIA:28783 URL:http://secunia.com/advisories/28783 SECUNIA:29194 URL:http://secunia.com/advisories/29194 SECUNIA:29242 URL:http://secunia.com/advisories/29242 SECUNIA:29291 URL:http://secunia.com/advisories/29291 SECUNIA:29333 URL:http://secunia.com/advisories/29333 SECUNIA:29294 URL:http://secunia.com/advisories/29294 SECUNIA:29852 URL:http://secunia.com/advisories/29852 SECUNIA:29910 URL:http://secunia.com/advisories/29910 SECUNIA:29987 URL:http://secunia.com/advisories/29987 SECUNIA:30179 URL:http://secunia.com/advisories/30179 XF:libicu-dointerval-bo(39936) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/39936
Assigning CNA
N/A
Date Entry Created
20070910	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070910)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Use of the Common Vulnerabilities and Exposures (CVE®) List and the associated references from this website are subject to the terms of use. CVE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 1999–2018, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. For more information, please contact us.