Main Vulnerability Database Vulnerabilities #VU13054

#VU13054 Double free memory error in icu - CVE-2017-14952

Published: May 30, 2018

Vulnerability identifier: #VU13054

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2017-14952

CWE-ID: CWE-415

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
icu

Software vendor:
ICU - International Components for Unicode

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to double free memory error in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++. A remote unauthenticated attacker can supply a ca specially crafted string, aka a "redundant UVector entry clean up function call" issue, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update to version 59.1.

External links

http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp

#VU13054 Double free memory error in icu - CVE-2017-14952

Description

Remediation

External links

Please verify you're human