SB2015101202 - Data Handling in icu (Alpine package)
Published: October 12, 2015
Description
This security bulletin contains information about 1 security vulnerability.
1) Data Handling (CVE-ID: CVE-2015-1270)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU), as used in Google Chrome before 44.0.2403.89, mishandles converter names with initial x- substrings, which allows remote attackers to cause a denial of service (read of uninitialized memory) or possibly have unspecified other impact via a crafted file.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=717cf36fa33c72a0bbda4351e4f948e0747380ed
- https://git.alpinelinux.org/aports/commit/?id=a1c3c770dba922f9b971534d089eed7ff53412d2
- https://git.alpinelinux.org/aports/commit/?id=de8f0f0838b5449751f581681ac8c0fa9c68a6df
- https://git.alpinelinux.org/aports/commit/?id=4979be8d1a8b85e58bc4836a5844392625025576
- https://git.alpinelinux.org/aports/commit/?id=5822bc38c93619c711ea1a61649940fca113f02f
- https://git.alpinelinux.org/aports/commit/?id=e86e30788cfe889e9a7133713578da75083701b7
- https://git.alpinelinux.org/aports/commit/?id=fb88495ec245c502244e9316b9dc6c3492a5abcd
- https://git.alpinelinux.org/aports/commit/?id=6a31b73a690783131976ef2122553ee9b5e8cffa