CVE-2017-14952

Advisory lineage Upstream: 0 Downstream: 7

Downstream

DEBIAN-CVE-2017-14952 MGASA-2017-0411 SUSE-SU-2018:1401-1 SUSE-SU-2018:1401-2 SUSE-SU-2018:1602-1 UBUNTU-CVE-2017-14952

Modified

Published: 16 Oct 2017, 16:00

Last modified:05 Aug 2024, 19:42

Vulnerability Summary

Overall Risk (default)

high

70/100

CVSS Score

9.8 CRITICAL

v3.0 (nvd)

EPSS Score

2.94% LOW

3% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

16 Oct 2017, 16:00

Published

Vulnerability first disclosed

05 Aug 2024, 19:42

Last Modified

Vulnerability information updated

Description

Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector entry clean up function call" issue.

CVSS Metrics

v3.0•CRITICAL•Score: 9.8CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
v2.0•HIGH•Score: 7.5AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 2.94%• Percentile: 87%

Techniques & Countermeasures

CWE-415•Double Free
The product calls free() twice on the same memory address.

Affected Systems

icu-project•international_components_for_unicode
≤ 59.1