CVE - CVE-2007-4771

CVE-ID
CVE-2007-4771	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have unspecified other impact via a regular expression that writes a large amount of data to the backtracking stack. NOTE: some of these details are obtained from third party information.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:27455 URL:http://www.securityfocus.com/bid/27455 BUGTRAQ:20080206 rPSA-2008-0043-1 icu URL:http://www.securityfocus.com/archive/1/487677/100/0/threaded CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0043 CONFIRM:http://www.openoffice.org/security/cves/CVE-2007-4770.html CONFIRM:http://www.openoffice.org/security/cves/CVE-2007-5745.html CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=429025 CONFIRM:https://issues.rpath.com/browse/RPL-2199 DEBIAN:DSA-1511 URL:http://www.debian.org/security/2008/dsa-1511 FEDORA:FEDORA-2008-1036 URL:https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00896.html FEDORA:FEDORA-2008-1076 URL:https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00921.html GENTOO:GLSA-200803-20 URL:http://security.gentoo.org/glsa/glsa-200803-20.xml GENTOO:GLSA-200805-16 URL:http://security.gentoo.org/glsa/glsa-200805-16.xml MANDRIVA:MDVSA-2008:026 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2008:026~~ (Obsolete source) MLIST:[icu-support] 20080122 ICU Patch for bugs in Regular Expressions URL:http://sourceforge.net/mailarchive/message.php?msg_name=d03a2ffb0801221538x68825e42xb4a4aaf0fcccecbd%40mail.gmail.com OVAL:oval:org.mitre.oval:def:10507 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10507 OVAL:oval:org.mitre.oval:def:5431 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5431 REDHAT:RHSA-2008:0090 URL:http://rhn.redhat.com/errata/RHSA-2008-0090.html SECTRACK:1019269 URL:http://securitytracker.com/id?1019269 SECUNIA:28575 URL:http://secunia.com/advisories/28575 SECUNIA:28615 URL:http://secunia.com/advisories/28615 SECUNIA:28669 URL:http://secunia.com/advisories/28669 SECUNIA:28783 URL:http://secunia.com/advisories/28783 SECUNIA:29194 URL:http://secunia.com/advisories/29194 SECUNIA:29242 URL:http://secunia.com/advisories/29242 SECUNIA:29291 URL:http://secunia.com/advisories/29291 SECUNIA:29294 URL:http://secunia.com/advisories/29294 SECUNIA:29333 URL:http://secunia.com/advisories/29333 SECUNIA:29852 URL:http://secunia.com/advisories/29852 SECUNIA:29910 URL:http://secunia.com/advisories/29910 SECUNIA:29987 URL:http://secunia.com/advisories/29987 SECUNIA:30179 URL:http://secunia.com/advisories/30179 SUNALERT:231641 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-231641-1~~ (Obsolete source) SUNALERT:233922 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-233922-1~~ (Obsolete source) SUSE:SUSE-SA:2008:023 URL:http://www.novell.com/linux/security/advisories/2008_23_openoffice.html SUSE:SUSE-SR:2008:005 URL:http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html UBUNTU:USN-591-1 URL:http://www.ubuntu.com/usn/usn-591-1 VUPEN:ADV-2008-0282 URL:~~http://www.vupen.com/english/advisories/2008/0282~~ (Obsolete source) VUPEN:ADV-2008-0807 URL:~~http://www.vupen.com/english/advisories/2008/0807/references~~ (Obsolete source) VUPEN:ADV-2008-1375 URL:~~http://www.vupen.com/english/advisories/2008/1375/references~~ (Obsolete source) XF:libicu-dointerval-bo(39936) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/39936
Assigning CNA
MITRE Corporation
Date Record Created
20070910	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070910)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)