Vulnerability Details CVE-2016-6293
The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ does not ensure that there is a '\0' character at the end of a certain temporary array, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 76.3%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=aa82e99ed8003c01f1ef4f0940e56b85c5b032d4
- http://openwall.com/lists/oss-security/2016/07/24/2
- http://www.securityfocus.com/bid/92127
- https://bugs.php.net/72533
- https://security.gentoo.org/glsa/201701-58
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=aa82e99ed8003c01f1ef4f0940e56b85c5b032d4
- http://openwall.com/lists/oss-security/2016/07/24/2
- http://www.securityfocus.com/bid/92127
- https://bugs.php.net/72533
- https://security.gentoo.org/glsa/201701-58
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Products affected by CVE-2016-6293
-
cpe:2.3:a:icu-project:international_components_for_unicode:1.4
-
cpe:2.3:a:icu-project:international_components_for_unicode:1.4.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:1.4.1.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:1.4.1.2
-
cpe:2.3:a:icu-project:international_components_for_unicode:1.4.2
-
cpe:2.3:a:icu-project:international_components_for_unicode:1.5
-
cpe:2.3:a:icu-project:international_components_for_unicode:1.6
-
cpe:2.3:a:icu-project:international_components_for_unicode:1.7
-
cpe:2.3:a:icu-project:international_components_for_unicode:1.8
-
cpe:2.3:a:icu-project:international_components_for_unicode:1.8.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:2.0
-
cpe:2.3:a:icu-project:international_components_for_unicode:2.0.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:2.0.2
-
cpe:2.3:a:icu-project:international_components_for_unicode:2.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:2.2
-
cpe:2.3:a:icu-project:international_components_for_unicode:2.4
-
cpe:2.3:a:icu-project:international_components_for_unicode:2.6
-
cpe:2.3:a:icu-project:international_components_for_unicode:2.6.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:2.6.2
-
cpe:2.3:a:icu-project:international_components_for_unicode:2.8
-
cpe:2.3:a:icu-project:international_components_for_unicode:3.0
-
cpe:2.3:a:icu-project:international_components_for_unicode:3.2
-
cpe:2.3:a:icu-project:international_components_for_unicode:3.2.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:3.4
-
cpe:2.3:a:icu-project:international_components_for_unicode:3.4.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:3.6
-
cpe:2.3:a:icu-project:international_components_for_unicode:3.8
-
cpe:2.3:a:icu-project:international_components_for_unicode:3.8.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:4.0
-
cpe:2.3:a:icu-project:international_components_for_unicode:4.0.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:4.2
-
cpe:2.3:a:icu-project:international_components_for_unicode:4.2.0.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:4.4.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:4.4.2
-
cpe:2.3:a:icu-project:international_components_for_unicode:4.4.2.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:4.6
-
cpe:2.3:a:icu-project:international_components_for_unicode:4.6.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:4.8
-
cpe:2.3:a:icu-project:international_components_for_unicode:4.8.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:4.8.1.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:49.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:49.1.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:49.1.2
-
cpe:2.3:a:icu-project:international_components_for_unicode:50.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:50.1.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:50.1.2
-
cpe:2.3:a:icu-project:international_components_for_unicode:50.2
-
cpe:2.3:a:icu-project:international_components_for_unicode:51.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:51.2
-
cpe:2.3:a:icu-project:international_components_for_unicode:51.3
-
cpe:2.3:a:icu-project:international_components_for_unicode:52.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:52.1.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:52.2
-
cpe:2.3:a:icu-project:international_components_for_unicode:53.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:53.2
-
cpe:2.3:a:icu-project:international_components_for_unicode:54.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:54.1.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:54.2
-
cpe:2.3:a:icu-project:international_components_for_unicode:55.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:55.2
-
cpe:2.3:a:icu-project:international_components_for_unicode:56.1
-
cpe:2.3:a:icu-project:international_components_for_unicode:56.2
-
cpe:2.3:a:icu-project:international_components_for_unicode:57.1