CVE-2017-17484 in International Components for Unicode
Summary
The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC.
Reservation
12/10/2017
Disclosure
12/10/2017
Status
Confirmed
Entries
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerability | CWE | Exploit | Countermeasure | CVE |
|---|---|---|---|---|---|
| 110440 | International Components for Unicode ucnv_u8.cpp ucnv_UTF8FromUTF8 memory corruption | 119 | Not defined | Official fix | CVE-2017-17484 |