MEDIUM · 6.8

CVE-2007-4770

Vulnerability Description

libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames.

CVSS Score

Base score: 6.8 (MEDIUM)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Affected Products

Vendor | Product | Versions
Icu-Project | International Components For Unicode | <= 3.8.1

Related Weaknesses (CWE)

References

FAQ

What is CVE-2007-4770?

CVE-2007-4770 is a vulnerability with a CVSS score of 6.8 (MEDIUM). libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers ...

How severe is CVE-2007-4770?

CVE-2007-4770 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2007-4770?

Check the references section above for vendor advisories and patch information. Affected products include: Icu-Project International Components For Unicode.