The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ does not ensure that there is a '\0' character at the end of a certain temporary array, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "52.1-3ubuntu0.5", "binary_name": "icu-devtools" }, { "binary_version": "52.1-3ubuntu0.5", "binary_name": "icu-devtools-dbgsym" }, { "binary_version": "52.1-3ubuntu0.5", "binary_name": "icu-doc" }, { "binary_version": "52.1-3ubuntu0.5", "binary_name": "libicu-dev" }, { "binary_version": "52.1-3ubuntu0.5", "binary_name": "libicu-dev-dbgsym" }, { "binary_version": "52.1-3ubuntu0.5", "binary_name": "libicu52" }, { "binary_version": "52.1-3ubuntu0.5", "binary_name": "libicu52-dbg" }, { "binary_version": "52.1-3ubuntu0.5", "binary_name": "libicu52-dbgsym" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "55.1-7ubuntu0.1", "binary_name": "icu-devtools" }, { "binary_version": "55.1-7ubuntu0.1", "binary_name": "icu-devtools-dbgsym" }, { "binary_version": "55.1-7ubuntu0.1", "binary_name": "icu-doc" }, { "binary_version": "55.1-7ubuntu0.1", "binary_name": "libicu-dev" }, { "binary_version": "55.1-7ubuntu0.1", "binary_name": "libicu-dev-dbgsym" }, { "binary_version": "55.1-7ubuntu0.1", "binary_name": "libicu55" }, { "binary_version": "55.1-7ubuntu0.1", "binary_name": "libicu55-dbg" }, { "binary_version": "55.1-7ubuntu0.1", "binary_name": "libicu55-dbgsym" } ] }