CVE-2017-7867: Buffer Overflow

Q: What is the severity of CVE-2017-7867?

CVE-2017-7867 is classified as a high severity vulnerability due to its potential for exploitation through a heap-based buffer overflow.

Q: How do I fix CVE-2017-7867?

To fix CVE-2017-7867, it is recommended to upgrade the International Components for Unicode (ICU) to version 58.2 or later.

Q: What software is affected by CVE-2017-7867?

CVE-2017-7867 affects the International Components for Unicode (ICU) versions before 58.2 and Debian Linux version 8.0.

Q: What type of vulnerability is CVE-2017-7867?

CVE-2017-7867 is an out-of-bounds write vulnerability caused by a heap-based buffer overflow.

Q: What functions are related to CVE-2017-7867?

CVE-2017-7867 is related to the utf8TextAccess function and the utext_setNativeIndex* functions in common/utext.cpp.

Published Apr 14, 2017

Updated

International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utextsetNativeIndex function.

Affected Software

2 affected components

icu-project International Components For Unicode C\/c\+\+<=58.2

Debian Debian Linux=8.0

Remediation

Patch Available

http://bugs.icu-project.org/trac/changeset/39671

Event History

Apr 14, 2017

CVE Published

via MITRE·04:30 AM

Data Sourced

via MITRE·04:30 AM

Description

Frequently Asked Questions

What is the severity of CVE-2017-7867?

CVE-2017-7867 is classified as a high severity vulnerability due to its potential for exploitation through a heap-based buffer overflow.

How do I fix CVE-2017-7867?

To fix CVE-2017-7867, it is recommended to upgrade the International Components for Unicode (ICU) to version 58.2 or later.

What software is affected by CVE-2017-7867?