CVE-2007-4771

Publication date 29 January 2008

Last updated 24 July 2024

Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have unspecified other impact via a regular expression that writes a large amount of data to the backtracking stack. NOTE: some of these details are obtained from third party information.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
icu	7.10 gutsy	Fixed 3.6-3ubuntu0.1
	7.04 feisty	Fixed 3.6-2ubuntu0.1
	6.10 edgy	Fixed 3.4.1a-1ubuntu1.6.10.1
	6.06 LTS dapper	Fixed 3.4.1a-1ubuntu1.6.06.1

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
icu	Vendor: http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:026 Vendor: https://rhn.redhat.com/errata/RHSA-2008-0090.html Vendor: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463688 Other: http://sourceforge.net/mailarchive/message.php?msg_name=d03a2ffb0801221538x68825e42xb4a4aaf0fcccecbd%40mail.gmail.com

CVE-2007-4771

Status

Patch details

References

Related Ubuntu Security Notices (USN)

Other references