CVE-2007-4771
Published: 29 January 2008
Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have unspecified other impact via a regular expression that writes a large amount of data to the backtracking stack. NOTE: some of these details are obtained from third party information.
Priority
Status
Package | Release | Status |
---|---|---|
icu Launchpad, Ubuntu, Debian |
dapper |
Released
(3.4.1a-1ubuntu1.6.06.1)
|
edgy |
Released
(3.4.1a-1ubuntu1.6.10.1)
|
|
feisty |
Released
(3.6-2ubuntu0.1)
|
|
gutsy |
Released
(3.6-3ubuntu0.1)
|
|
upstream |
Needed
|
|
Patches: vendor: http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:026 vendor: https://rhn.redhat.com/errata/RHSA-2008-0090.html vendor: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463688 other: http://sourceforge.net/mailarchive/message.php?msg_name=d03a2ffb0801221538x68825e42xb4a4aaf0fcccecbd%40mail.gmail.com |