CVE-2016-7415: Buffer Overflow

Published Sep 3, 2016

International Components for Unicode (ICU) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the Locale class in common/locid.cpp. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

Other sources

It was found that a big locale string causes a stack-based overflow inside libicu.

PHP bug:

https://bugs.php.net/bug.php?id=73007

CVE assignment:

http://seclists.org/oss-sec/2016/q3/518

Stack-based buffer overflow in the Locale class in common/locid.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long locale string.

Affected Software

2 affected components, fixes available:

- redhat/icu: affected versions < 58.1; fixed in 58.1
- icu-project International Components For Unicode C/C++: affected versions <= 57.1

Event History

Sep 3, 2016
- CVE Published, 12:00 AM
- Data Sourced, 12:00 AM (Remedy, Description, Severity, Weakness)

Sep 17, 2016
- CVE Published via MITRE, 09:00 PM
- Data Sourced via MITRE, 09:00 PM (Description)

Aug 4, 2024
- Data Sourced via IBM, 07:40 PM (Description, Severity, Affected Software)


Frequently Asked Questions

1. What is the severity of CVE-2016-7415?

CVE-2016-7415 is considered critical due to its potential for remote code execution.

2. How do I fix CVE-2016-7415?

To mitigate CVE-2016-7415, update to ICU version 58.1 or later.

3. Which versions of ICU are affected by CVE-2016-7415?

CVE-2016-7415 affects ICU versions 57.1 and earlier, that is, all versions prior to 58.1.

4. Can CVE-2016-7415 be exploited remotely?

Yes, CVE-2016-7415 can be exploited remotely by sending an overly long string.

5. What type of vulnerability is CVE-2016-7415?

CVE-2016-7415 is a stack-based buffer overflow vulnerability.
