CVE-2017-17484 - Vulnerability Details

Vendors	Products
Icu-project	International Components For Unicode

Link	Providers
https://github.com/znc/znc/issues/1459
https://nvd.nist.gov/vuln/detail/CVE-2017-17484
https://ssl.icu-project.org/trac/attachment/ticket/13490/poc.cpp
https://ssl.icu-project.org/trac/changeset/40714
https://ssl.icu-project.org/trac/changeset/40715
https://ssl.icu-project.org/trac/ticket/13490
https://ssl.icu-project.org/trac/ticket/13510
https://www.cve.org/CVERecord?id=CVE-2017-17484
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-12-10T00:00:00", "descriptions": [{"lang": "en", "value": "The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-04-23T19:08:15", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ssl.icu-project.org/trac/ticket/13490"}, {"tags": ["x_refsource_MISC"], "url": "https://ssl.icu-project.org/trac/changeset/40714"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/znc/znc/issues/1459"}, {"tags": ["x_refsource_MISC"], "url": "https://ssl.icu-project.org/trac/attachment/ticket/13490/poc.cpp"}, {"tags": ["x_refsource_MISC"], "url": "https://ssl.icu-project.org/trac/ticket/13510"}, {"tags": ["x_refsource_MISC"], "url": "https://ssl.icu-project.org/trac/changeset/40715"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-17484", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://ssl.icu-project.org/trac/ticket/13490", "refsource": "MISC", "url": "https://ssl.icu-project.org/trac/ticket/13490"}, {"name": "https://ssl.icu-project.org/trac/changeset/40714", "refsource": "MISC", "url": "https://ssl.icu-project.org/trac/changeset/40714"}, {"name": "https://github.com/znc/znc/issues/1459", "refsource": "MISC", "url": "https://github.com/znc/znc/issues/1459"}, {"name": "https://ssl.icu-project.org/trac/attachment/ticket/13490/poc.cpp", "refsource": "MISC", "url": "https://ssl.icu-project.org/trac/attachment/ticket/13490/poc.cpp"}, {"name": "https://ssl.icu-project.org/trac/ticket/13510", "refsource": "MISC", "url": "https://ssl.icu-project.org/trac/ticket/13510"}, {"name": "https://ssl.icu-project.org/trac/changeset/40715", "refsource": "MISC", "url": "https://ssl.icu-project.org/trac/changeset/40715"}, {"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T20:51:31.622Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ssl.icu-project.org/trac/ticket/13490"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ssl.icu-project.org/trac/changeset/40714"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/znc/znc/issues/1459"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ssl.icu-project.org/trac/attachment/ticket/13490/poc.cpp"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ssl.icu-project.org/trac/ticket/13510"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ssl.icu-project.org/trac/changeset/40715"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-17484", "datePublished": "2017-12-10T20:00:00", "dateReserved": "2017-12-10T00:00:00", "dateUpdated": "2024-08-05T20:51:31.622Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2017-12-10T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2019-04-23T19:08:15 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://ssl.icu-project.org/trac/ticket/13490 (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://ssl.icu-project.org/trac/changeset/40714 (string)

}

2 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://github.com/znc/znc/issues/1459 (string)

}

3 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://ssl.icu-project.org/trac/attachment/ticket/13490/poc.cpp (string)

}

4 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://ssl.icu-project.org/trac/ticket/13510 (string)

}

5 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://ssl.icu-project.org/trac/changeset/40715 (string)

}

6 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2017-17484 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://ssl.icu-project.org/trac/ticket/13490 (string)

refsource : MISC (string)

url : https://ssl.icu-project.org/trac/ticket/13490 (string)

}

1 : { »

name : https://ssl.icu-project.org/trac/changeset/40714 (string)

refsource : MISC (string)

url : https://ssl.icu-project.org/trac/changeset/40714 (string)

}

2 : { »

name : https://github.com/znc/znc/issues/1459 (string)

refsource : MISC (string)

url : https://github.com/znc/znc/issues/1459 (string)

}

3 : { »

name : https://ssl.icu-project.org/trac/attachment/ticket/13490/poc.cpp (string)

refsource : MISC (string)

url : https://ssl.icu-project.org/trac/attachment/ticket/13490/poc.cpp (string)

}

4 : { »

name : https://ssl.icu-project.org/trac/ticket/13510 (string)

refsource : MISC (string)

url : https://ssl.icu-project.org/trac/ticket/13510 (string)

}

5 : { »

name : https://ssl.icu-project.org/trac/changeset/40715 (string)

refsource : MISC (string)

url : https://ssl.icu-project.org/trac/changeset/40715 (string)

}

6 : { »

name : https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html (string)

refsource : MISC (string)

url : https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T20:51:31.622Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://ssl.icu-project.org/trac/ticket/13490 (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://ssl.icu-project.org/trac/changeset/40714 (string)

}

2 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://github.com/znc/znc/issues/1459 (string)

}

3 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://ssl.icu-project.org/trac/attachment/ticket/13490/poc.cpp (string)

}

4 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://ssl.icu-project.org/trac/ticket/13510 (string)

}

5 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://ssl.icu-project.org/trac/changeset/40715 (string)

}

6 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2017-17484 (string)

datePublished : 2017-12-10T20:00:00 (string)

dateReserved : 2017-12-10T00:00:00 (string)

dateUpdated : 2024-08-05T20:51:31.622Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:icu-project:international_components_for_unicode:*:*:*:*:*:c\\/c\\+\\+:*:*", "matchCriteriaId": "1A1E199C-0283-4005-A917-28E7B62394E6", "versionEndIncluding": "60.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC."}, {"lang": "es", "value": "La funci\u00f3n ucnv_UTF8FromUTF8 en ucnv_u8.cpp en International Components for Unicode (ICU) para C/C++ hasta la versi\u00f3n 60.1 gestiona de manera incorrecta las llamadas ucnv_convertEx para la conversi\u00f3n UTF-8 a UTF-8. Esto permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (desbordamiento de b\u00fafer basado en pila y cierre inesperado de la aplicaci\u00f3n) o, posiblemente, causen otro impacto sin especificar mediante una cadena manipulada, tal y como demuestra ZNC."}], "id": "CVE-2017-17484", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-12-10T20:29:00.197", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/znc/znc/issues/1459"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "https://ssl.icu-project.org/trac/attachment/ticket/13490/poc.cpp"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://ssl.icu-project.org/trac/changeset/40714"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://ssl.icu-project.org/trac/changeset/40715"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://ssl.icu-project.org/trac/ticket/13490"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://ssl.icu-project.org/trac/ticket/13510"}, {"source": "cve@mitre.org", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/znc/znc/issues/1459"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "https://ssl.icu-project.org/trac/attachment/ticket/13490/poc.cpp"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://ssl.icu-project.org/trac/changeset/40714"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://ssl.icu-project.org/trac/changeset/40715"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://ssl.icu-project.org/trac/ticket/13490"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://ssl.icu-project.org/trac/ticket/13510"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:icu-project:international_components_for_unicode:*:*:*:*:*:c\/c\+\+:*:* (string)

matchCriteriaId : 1A1E199C-0283-4005-A917-28E7B62394E6 (string)

versionEndIncluding : 60.1 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC. (string)

}

1 : { »

lang : es (string)

value : La función ucnv_UTF8FromUTF8 en ucnv_u8.cpp en International Components for Unicode (ICU) para C/C++ hasta la versión 60.1 gestiona de manera incorrecta las llamadas ucnv_convertEx para la conversión UTF-8 a UTF-8. Esto permite que atacantes remotos provoquen una denegación de servicio (desbordamiento de búfer basado en pila y cierre inesperado de la aplicación) o, posiblemente, causen otro impacto sin especificar mediante una cadena manipulada, tal y como demuestra ZNC. (string)

}

]

id : CVE-2017-17484 (string)

lastModified : 2025-04-20T01:37:25.860 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 7.5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 9.8 (number)

baseSeverity : CRITICAL (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2017-12-10T20:29:00.197 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Issue Tracking (string)

1 : Third Party Advisory (string)

]

url : https://github.com/znc/znc/issues/1459 (string)

}

1 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Exploit (string)

1 : Vendor Advisory (string)

]

url : https://ssl.icu-project.org/trac/attachment/ticket/13490/poc.cpp (string)

}

2 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Issue Tracking (string)

1 : Patch (string)

2 : Vendor Advisory (string)

]

url : https://ssl.icu-project.org/trac/changeset/40714 (string)

}

3 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Issue Tracking (string)

1 : Vendor Advisory (string)

]

url : https://ssl.icu-project.org/trac/changeset/40715 (string)

}

4 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Issue Tracking (string)

1 : Vendor Advisory (string)

]

url : https://ssl.icu-project.org/trac/ticket/13490 (string)

}

5 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Issue Tracking (string)

1 : Vendor Advisory (string)

]

url : https://ssl.icu-project.org/trac/ticket/13510 (string)

}

6 : { »

source : cve@mitre.org (string)

url : https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html (string)

}

7 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Issue Tracking (string)

1 : Third Party Advisory (string)

]

url : https://github.com/znc/znc/issues/1459 (string)

}

8 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Vendor Advisory (string)

]

url : https://ssl.icu-project.org/trac/attachment/ticket/13490/poc.cpp (string)

}

9 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Issue Tracking (string)

1 : Patch (string)

2 : Vendor Advisory (string)

]

url : https://ssl.icu-project.org/trac/changeset/40714 (string)

}

10 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Issue Tracking (string)

1 : Vendor Advisory (string)

]

url : https://ssl.icu-project.org/trac/changeset/40715 (string)

}

11 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Issue Tracking (string)

1 : Vendor Advisory (string)

]

url : https://ssl.icu-project.org/trac/ticket/13490 (string)

}

12 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Issue Tracking (string)

1 : Vendor Advisory (string)

]

url : https://ssl.icu-project.org/trac/ticket/13510 (string)

}

13 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-119 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"bugzilla": {"description": "icu: stack-based buffer overflow in ucnv_u8.cpp:ucnv_UTF8FromUTF8 can lead to denial of service", "id": "1524819", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524819"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.3", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-121", "details": ["The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC."], "name": "CVE-2017-17484", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "icu", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "icu", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "icu", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2017-11-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-17484\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-17484"], "statement": "This issue did not affect the versions of icu as shipped with Red Hat Enterprise Linux 5, 6, and 7.", "threat_severity": "Moderate"}

{

bugzilla : { »

description : icu: stack-based buffer overflow in ucnv_u8.cpp:ucnv_UTF8FromUTF8 can lead to denial of service (string)

id : 1524819 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1524819 (string)

}

csaw : false (boolean)

cvss3 : { »

cvss3_base_score : 7.3 (string)

cvss3_scoring_vector : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L (string)

status : draft (string)

}

cwe : CWE-121 (string)

details : [ »

0 : The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC. (string)

]

name : CVE-2017-17484 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:5 (string)

fix_state : Not affected (string)

package_name : icu (string)

product_name : Red Hat Enterprise Linux 5 (string)

}

1 : { »

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

fix_state : Not affected (string)

package_name : icu (string)

product_name : Red Hat Enterprise Linux 6 (string)

}

2 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Not affected (string)

package_name : icu (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

]

public_date : 2017-11-21T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2017-17484 https://nvd.nist.gov/vuln/detail/CVE-2017-17484 (string)

]

statement : This issue did not affect the versions of icu as shipped with Red Hat Enterprise Linux 5, 6, and 7. (string)

threat_severity : Moderate (string)

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object