CVE-2017-14952: Double Free
Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector entry clean up function call" issue.
Other sources
International Components for Unicode (ICU) for C/C++ could allow a remote attacker to execute arbitrary code on the system, caused by a double free in i18n/zonemeta.cpp. By using a specially crafted string, an attacker could exploit this vulnerability to execute arbitrary code on the system.
— IBM
Frequently Asked Questions
What is the severity of CVE-2017-14952?
CVE-2017-14952 has a high severity due to its potential for remote code execution.
How can I mitigate CVE-2017-14952?
To mitigate CVE-2017-14952, update the International Components for Unicode (ICU) library to version 59.2 or later.
Which versions of ICU are affected by CVE-2017-14952?
CVE-2017-14952 affects all versions of ICU prior to 59.2.
What type of vulnerability is CVE-2017-14952?
CVE-2017-14952 is a double free vulnerability that allows for arbitrary code execution.
Can CVE-2017-14952 be exploited remotely?
Yes, CVE-2017-14952 can be exploited remotely using specially crafted strings.