Vulnerability Details CVE-2014-9911
Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund.cpp in International Components for Unicode (ICU) before 54.1 for C/C++ allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted uloc_getDisplayName call.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.019
EPSS Ranking 82.1%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://bugs.icu-project.org/trac/changeset/35699
- http://bugs.icu-project.org/trac/ticket/1089
- http://www.openwall.com/lists/oss-security/2016/11/25/1
- http://www.securityfocus.com/bid/94520
- http://www.securitytracker.com/id/1037556
- https://bugs.php.net/bug.php?id=67397
- https://bugzilla.redhat.com/show_bug.cgi?id=1383569
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- http://bugs.icu-project.org/trac/changeset/35699
- http://bugs.icu-project.org/trac/ticket/1089
- http://www.openwall.com/lists/oss-security/2016/11/25/1
- http://www.securityfocus.com/bid/94520
- http://www.securitytracker.com/id/1037556
- https://bugs.php.net/bug.php?id=67397
- https://bugzilla.redhat.com/show_bug.cgi?id=1383569
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Products affected by CVE-2014-9911
-
cpe:2.3:a:icu-project:international_components_for_unicode:1.4
-
cpe:2.3:a:icu-project:international_components_for_unicode:1.4.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:1.4.1.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:1.4.1.2
-
cpe:2.3:a:icu-project:international_components_for_unicode:1.4.2
-
cpe:2.3:a:icu-project:international_components_for_unicode:1.5
-
cpe:2.3:a:icu-project:international_components_for_unicode:1.6
-
cpe:2.3:a:icu-project:international_components_for_unicode:1.7
-
cpe:2.3:a:icu-project:international_components_for_unicode:1.8
-
cpe:2.3:a:icu-project:international_components_for_unicode:1.8.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:2.0
-
cpe:2.3:a:icu-project:international_components_for_unicode:2.0.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:2.0.2
-
cpe:2.3:a:icu-project:international_components_for_unicode:2.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:2.2
-
cpe:2.3:a:icu-project:international_components_for_unicode:2.4
-
cpe:2.3:a:icu-project:international_components_for_unicode:2.6
-
cpe:2.3:a:icu-project:international_components_for_unicode:2.6.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:2.6.2
-
cpe:2.3:a:icu-project:international_components_for_unicode:2.8
-
cpe:2.3:a:icu-project:international_components_for_unicode:3.0
-
cpe:2.3:a:icu-project:international_components_for_unicode:3.2
-
cpe:2.3:a:icu-project:international_components_for_unicode:3.2.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:3.4
-
cpe:2.3:a:icu-project:international_components_for_unicode:3.4.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:3.6
-
cpe:2.3:a:icu-project:international_components_for_unicode:3.8
-
cpe:2.3:a:icu-project:international_components_for_unicode:3.8.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:4.0
-
cpe:2.3:a:icu-project:international_components_for_unicode:4.0.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:4.2
-
cpe:2.3:a:icu-project:international_components_for_unicode:4.2.0.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:4.4.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:4.4.2
-
cpe:2.3:a:icu-project:international_components_for_unicode:4.4.2.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:4.6
-
cpe:2.3:a:icu-project:international_components_for_unicode:4.6.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:4.8
-
cpe:2.3:a:icu-project:international_components_for_unicode:4.8.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:4.8.1.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:49.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:49.1.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:49.1.2
-
cpe:2.3:a:icu-project:international_components_for_unicode:50.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:50.1.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:50.1.2
-
cpe:2.3:a:icu-project:international_components_for_unicode:50.2
-
cpe:2.3:a:icu-project:international_components_for_unicode:51.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:51.2
-
cpe:2.3:a:icu-project:international_components_for_unicode:51.3
-
cpe:2.3:a:icu-project:international_components_for_unicode:52.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:52.1.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:52.2
-
cpe:2.3:a:icu-project:international_components_for_unicode:53.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:53.2