CVE-2007-4771 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2007-4771

CVE-2007-4771

January 28, 2008

Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have unspecified other impact via a regular expression that writes a large amount of data to the backtracking stack. NOTE: some of these details are obtained from third party information.

Related Resources (41)

http://www.vupen.com/english/advisories/2008/0807/references

http://www.openoffice.org/security/cves/CVE-2007-5745.html

https://people.canonical.com/~ubuntu-security/cve/CVE-2007-4771

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0043

http://secunia.com/advisories/29194

http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html

https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00896.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10507

http://rhn.redhat.com/errata/RHSA-2008-0090.html

http://securitytracker.com/id?1019269

http://www.openoffice.org/security/cves/CVE-2007-4770.html

http://secunia.com/advisories/28575

https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00921.html

http://www.securityfocus.com/archive/1/487677/100/0/threaded

http://sunsolve.sun.com/search/document.do?assetkey=1-26-231641-1

http://secunia.com/advisories/29333

https://bugzilla.redhat.com/show_bug.cgi?id=429025

http://secunia.com/advisories/29852

http://security.gentoo.org/glsa/glsa-200803-20.xml

http://sunsolve.sun.com/search/document.do?assetkey=1-26-233922-1

http://secunia.com/advisories/29987

http://secunia.com/advisories/29910

http://www.debian.org/security/2008/dsa-1511

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5431

http://secunia.com/advisories/30179

https://issues.rpath.com/browse/RPL-2199

http://sourceforge.net/mailarchive/message.php?msg_name=d03a2ffb0801221538x68825e42xb4a4aaf0fcccecbd%40mail.gmail.com

http://www.securityfocus.com/bid/27455

http://secunia.com/advisories/29291

http://www.vupen.com/english/advisories/2008/0282

http://www.vupen.com/english/advisories/2008/1375/references

http://secunia.com/advisories/28615

http://www.mandriva.com/security/advisories?name=MDVSA-2008:026

http://security.gentoo.org/glsa/glsa-200805-16.xml

http://secunia.com/advisories/28783

http://secunia.com/advisories/29294

https://exchange.xforce.ibmcloud.com/vulnerabilities/39936

http://secunia.com/advisories/29242

http://www.novell.com/linux/security/advisories/2008_23_openoffice.html

http://secunia.com/advisories/28669

http://www.ubuntu.com/usn/usn-591-1

Do you need more information?

CVSS v4

Base Score:

9.2

Attack Vector

NETWORK

Attack Complexity

HIGH

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

HIGH

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

CVSS v2

Base Score:

9.3

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

EPSS

Base Score:

2.33