CVE-2017-15396
- Source
- https://cve.org/CVERecord?id=CVE-2017-15396
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-15396.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2017-15396
- Downstream
- Related
- Published
- 2018-08-28T20:29:00.233Z
- Modified
- 2026-04-02T03:35:11.995927Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A stack buffer overflow in NumberingSystem in International Components for Unicode (ICU) for C/C++ before 60.2, as used in V8 in Google Chrome prior to 62.0.3202.75 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- References
-
- http://bugs.icu-project.org/trac/changeset/40494
- http://www.securityfocus.com/bid/101597
- https://crbug.com/770452
- https://access.redhat.com/errata/RHSA-2017:3082
- https://security.gentoo.org/glsa/201711-02
- https://www.debian.org/security/2017/dsa-4020
- https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop_26.html
Affected packages
Git / github.com/unicode-org/icu
Affected versions
Other
brs/2023-10-04
cldr-32-beta2
cldr/2020-09-22
cldr/2020-10-21
cldr/2020-12-03b
cldr/2021-02-17
cldr/2021-03-09
cldr/2021-06-15
cldr/2021-08-11
cldr/2021-08-25
cldr/2021-09-15
cldr/2021-09-29
cldr/2021-10-19
cldr/2021-10-25
cldr/2022-02-08
cldr/2022-02-22
cldr/2022-02-23
cldr/2022-03-30
cldr/2022-03-31
cldr/2022-04-11
cldr/2022-05-28
cldr/2022-06-27
cldr/2022-08-01
cldr/2022-08-11
cldr/2022-08-17
cldr/2022-09-07
cldr/2022-09-12
cldr/2022-10-11
cldr/2022-12-02
cldr/2022-12-04
cldr/2023-02-02
cldr/2023-02-21
cldr/2023-03-13
cldr/2023-03-15
cldr/2023-04-06
cldr/2023-04-10
cldr/2023-07-19
cldr/2023-07-20
cldr/2023-08-08
cldr/2023-08-22
cldr/2023-09-13
cldr/2023-09-25
cldr/2023-09-27
last-cvs-commit
last-svn-commit
latest
milestone-59-0-1
milestone-60-0-1
release-4-8-2
release-59-1
release-59-2
release-59-rc
release-60-1
release-60-rc
release-61-1
release-61-2
release-61-rc
release-62-1
release-62-2
release-62-rc
release-63-1
release-63-2
release-63-rc
release-64-1
release-64-2
release-64-2-rc
release-64-rc
release-64-rc2
release-65-1
release-65-rc
release-66-1
release-66-preview
release-66-rc
release-67-1
release-67-rc
release-68-1
release-68-2
release-68-alpha
release-68-rc
release-69-1
release-69-rc
release-70-1
release-70-rc
release-71-1
release-71-rc
release-72-1
release-72-rc
release-72-rc-cldr-beta3
release-73-1
release-73-2
release-73-rc
release-74-1
release-74-2
release-74-rc
release-75-1
release-75-rc
release-76-1
release-76-rc
release-77-1
release-77-rc
tools-unicodetools
icu4x/2022-06-30/71.*
icu4x/2022-06-30/71.x
icu4x/2022-07-18/71.*
icu4x/2022-07-18/71.x
icu4x/2022-07-25/71.*
icu4x/2022-07-25/71.x
icu4x/2022-08-17/71.*
icu4x/2022-08-17/71.x
icu4x/2023-02-09/72.*
icu4x/2023-02-09/72.x
icu4x/2023-02-24/72.*
icu4x/2023-02-24/72.x
icu4x/2023-03-06/72.*
icu4x/2023-03-06/72.x
icu4x/2023-03-22/72.*
icu4x/2023-03-22/72.x
icu4x/2023-03-22a/72.*
icu4x/2023-03-22a/72.x
icu4x/2023-05-02/73.*
icu4x/2023-05-02/73.x
icu4x/2024-05-03/75.*
icu4x/2024-05-03/75.x
icu4x/2024-05-16/75.*
icu4x/2024-05-16/75.x
icu4x/2024-12-16/76.*
icu4x/2024-12-16/76.x
icu4x/2025-05-01/77.*
icu4x/2025-05-01/77.x
icu4x/2025-05-21/77.*
icu4x/2025-05-21/77.x
release-78.*
release-78.1
release-78.1rc
release-78.2
release-78.3
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-15396.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"fixed": "62.0.3202.75"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.0"
}
]
}
]
vanir_signatures
[
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "192840441545114378619813250366979318845",
"length": 738.0
},
"source": "https://github.com/unicode-org/icu/commit/e387c69929ca8efd74b18c003818eaf1aa72796e",
"id": "CVE-2017-15396-0665be7a",
"target": {
"file": "icu4c/source/i18n/calendar.cpp",
"function": "Calendar::Calendar"
}
},
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"325685802249717243591186478154447385681",
"330425111751708711986405029191010233063",
"302617518288185007915410602740154765375",
"65927760232024905311805398030519512192",
"220088122259980491942425324046117488059",
"334568181182330390454228188089148380707",
"70812089052326599596021665023762728037",
"325685802249717243591186478154447385681",
"330425111751708711986405029191010233063",
"302617518288185007915410602740154765375",
"65927760232024905311805398030519512192",
"11214167307563743030815599546084798569",
"32851899556968729898458798557357405502",
"183229318103647865732631129237705043188",
"325685802249717243591186478154447385681",
"330425111751708711986405029191010233063",
"302617518288185007915410602740154765375",
"65927760232024905311805398030519512192",
"11214167307563743030815599546084798569",
"32851899556968729898458798557357405502",
"183229318103647865732631129237705043188",
"140052210765090965669177173444601724255",
"57828577385504098153271804074135426384",
"263624532797666685604441857636028381824",
"101436063379484036608588423828308594749"
],
"threshold": 0.9
},
"source": "https://github.com/unicode-org/icu/commit/e387c69929ca8efd74b18c003818eaf1aa72796e",
"id": "CVE-2017-15396-639f56a1",
"target": {
"file": "icu4c/source/i18n/calendar.cpp"
}
},
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "313906442919399688347780690747714393675",
"length": 1156.0
},
"source": "https://github.com/unicode-org/icu/commit/e387c69929ca8efd74b18c003818eaf1aa72796e",
"id": "CVE-2017-15396-8515c455",
"target": {
"file": "icu4c/source/i18n/calendar.cpp",
"function": "operator="
}
},
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "36907280711190410477535904309479707110",
"length": 605.0
},
"source": "https://github.com/unicode-org/icu/commit/e387c69929ca8efd74b18c003818eaf1aa72796e",
"id": "CVE-2017-15396-951fc50c",
"target": {
"file": "icu4c/source/i18n/calendar.cpp",
"function": "Calendar::Calendar"
}
},
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "213150955025431990309305928145694457188",
"length": 618.0
},
"source": "https://github.com/unicode-org/icu/commit/e387c69929ca8efd74b18c003818eaf1aa72796e",
"id": "CVE-2017-15396-b6217108",
"target": {
"file": "icu4c/source/i18n/calendar.cpp",
"function": "Calendar::Calendar"
}
}
]