CVE-2011-4599
Published: 15 December 2011
Stack-based buffer overflow in the _canonicalize function in common/uloc.c in International Components for Unicode (ICU) before 49.1 allows remote attackers to execute arbitrary code via a crafted locale ID that is not properly handled during variant canonicalization.
Notes
Author | Note |
---|---|
jdstrand | based on the patch, looks like a heap buffer overflow |
Priority
Status
Package | Release | Status |
---|---|---|
icu Launchpad, Ubuntu, Debian | hardy | Ignored (end of life) |
 | lucid | Released (4.2.1-3ubuntu0.10.04.1) |
 | maverick | Released (4.2.1-3ubuntu0.10.10.1) |
 | natty | Released (4.4.2-2ubuntu0.11.04.1) |
 | oneiric | Released (4.4.2-2ubuntu0.11.10.1) |
 | upstream | Released (4.8.1.1-3) |

Patches:
other: http://bugs.icu-project.org/trac/ticket/8984
vendor: https://rhn.redhat.com/errata/RHSA-2011-1815.html