CVE-2017-17484: Buffer Overflow

Q: What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2017-17484.

Q: What is the severity of CVE-2017-17484?

CVE-2017-17484 has a severity rating of 9.8 (critical).

Q: What is the affected software?

The affected software is International Components for Unicode (ICU) for C/C++ through version 60.1.

Q: What is the description of CVE-2017-17484?

CVE-2017-17484 is a vulnerability in the ucnv_UTF8FromUTF8 function in ICU that mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, allowing remote attackers to cause a denial of service or potentially execute arbitrary code.

Q: How can I fix CVE-2017-17484?

To fix CVE-2017-17484, it is recommended to update ICU to a version that includes the necessary security patches.

Published Dec 10, 2017

Updated

The ucnvUTF8FromUTF8 function in ucnvu8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnvconvertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC.

Affected Software

1 affected component

icu-project International Components For Unicode C\/c\+\+<=60.1

Remediation

Patch Available

https://ssl.icu-project.org/trac/changeset/40714

Event History

Dec 10, 2017

CVE Published

via MITRE·08:00 PM

Data Sourced

via MITRE·08:00 PM

Description

Frequently Asked Questions

What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2017-17484.

What is the severity of CVE-2017-17484?

CVE-2017-17484 has a severity rating of 9.8 (critical).

What is the affected software?