CVE-2014-8146
CVE-2014-8146
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text.
Productos afectados
n/a · n/aPoCs públicas encontradas — 1
exploitdbwww.exploit-db.com/exploits/43887no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://bugs.icu-project.org/trac/changeset/37162http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.htmlhttp://lists.apple.com/archives/security-announce/2015/Sep/msg00003.htmlhttp://lists.apple.com/archives/security-announce/2015/Sep/msg00005.htmlhttp://lists.apple.com/archives/security-announce/2015/Sep/msg00008.htmlhttp://openwall.com/lists/oss-security/2015/05/05/6http://seclists.org/fulldisclosure/2015/May/14https://raw.githubusercontent.com/pedrib/PoC/master/generic/i-c-u-fail.txthttps://security.gentoo.org/glsa/201507-04https://support.apple.com/HT205212https://support.apple.com/HT205213https://support.apple.com/HT205221