CVE-2016-6293
CVE-2016-6293
The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ does not ensure that there is a '\0' character at the end of a certain temporary array, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=aa82e99ed8003c01f1ef4f0940e56b85c5b032d4http://openwall.com/lists/oss-security/2016/07/24/2https://bugs.php.net/72533https://security.gentoo.org/glsa/201701-58https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlhttp://www.securityfocus.com/bid/92127