Main Vulnerability Database Vulnerabilities #VU13054

Double free memory error in icu - CVE-2017-14952

Published: May 30, 2018

Vulnerability identifier: #VU13054

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2017-14952

CWE-ID: CWE-415

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: ICU - International Components for Unicode

Affected software:
icu

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to double free memory error in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++. A remote unauthenticated attacker can supply a ca specially crafted string, aka a "redundant UVector entry clean up function call" issue, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

How to mitigate CVE-2017-14952

Update to version 59.1.

Sources

http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp

Double free memory error in icu - CVE-2017-14952

Detailed vulnerability description

How to mitigate CVE-2017-14952

Sources

Please verify you're human