
Bug 645708 (CVE-2017-17484)

Summary: <dev-libs/icu{58.2-r1,60.2}: stack-based buffer overflow in ucnv_u8.cpp:ucnv_UTF8FromUTF8 can lead to denial of service (CVE-2017-17484)
Product: Gentoo Security
Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED OBSOLETE
Severity: normal
CC: office
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: A3 [noglsa cve]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2018-01-25 15:52:35 UTC
CVE-2017-17484 (https://nvd.nist.gov/vuln/detail/CVE-2017-17484):
  The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components
  for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for
  UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial
  of service (stack-based buffer overflow and application crash) or possibly
  have unspecified other impact via a crafted string, as demonstrated by ZNC.

Comment 1 Aaron Bauman (RETIRED) gentoo-dev 2018-04-03 15:13:31 UTC
Fixed by the noted versions which are already stable in the tree.