According to the RedHat summary: It was found that uloc_acceptLanguageFromHTTP function in common/uloc.cpp does not ensure that there is a '\0' character at the end of a certain temporary array that leads to out of bounds access, possibly causing DoS. Upstream ticket, members only :-( http://bugs.icu-project.org/trac/ticket/12652 Reproducible: Always
*** This bug has been marked as a duplicate of bug 589814 ***