CVE-2011-4599

Priority
Medium
Description
Stack-based buffer overflow in the _canonicalize function in common/uloc.c
in International Components for Unicode (ICU) before 49.1 allows remote
attackers to execute arbitrary code via a crafted locale ID that is not
properly handled during variant canonicalization.
References
Bugs
Notes
jdstrand> based on the patch, looks like a heap buffer overflow
Assigned-to
mdeslaur
Package
Source: icu (LP Ubuntu Debian)
Upstream:released (4.8.1.1-3)
Ubuntu 8.04 LTS (Hardy Heron):ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx):released (4.2.1-3ubuntu0.10.04.1)
Ubuntu 11.04 (Natty Narwhal):released (4.4.2-2ubuntu0.11.04.1)
Ubuntu 11.10 (Oneiric Ocelot):released (4.4.2-2ubuntu0.11.10.1)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (4.8.1.1-3)
Patches:
Patch:http://bugs.icu-project.org/trac/ticket/8984
Vendor:https://rhn.redhat.com/errata/RHSA-2011-1815.html
More Information

Valid XHTML 1.0 Strict

Updated: 2012-06-27 20:14:42 UTC (commit 5449)