Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 645708 (CVE-2017-17484) - <dev-libs/icu{58.2-r1,60.2}: stack-based buffer overflow in ucnv_u8.cpp:ucnv_UTF8FromUTF8 can lead to denial of service (CVE-2017-17484)
Summary: <dev-libs/icu{58.2-r1,60.2}: stack-based buffer overflow in ucnv_u8.cpp:ucnv_...
Status: RESOLVED OBSOLETE
Alias: CVE-2017-17484
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2018-01-25 15:52 UTC by GLSAMaker/CVETool Bot
Modified: 2018-04-03 15:13 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2018-01-25 15:52:35 UTC
CVE-2017-17484 (https://nvd.nist.gov/vuln/detail/CVE-2017-17484):
  The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components
  for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for
  UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial
  of service (stack-based buffer overflow and application crash) or possibly
  have unspecified other impact via a crafted string, as demonstrated by ZNC.
Comment 1 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2018-04-03 15:13:31 UTC
Fixed by the noted versions which are already stable in the tree.