Homepage
About Snyk

Remote Code Execution (RCE) Affecting icu4c package, versions >=0.0.0

0.0
critical

Snyk CVSS

    Attack Complexity Low
    Confidentiality High
    Integrity High
    Availability High

    Threat Intelligence

    EPSS 2.57% (91st percentile)
Expand this section
NVD
9.8 critical
Expand this section
Red Hat
4.5 medium

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-COCOAPODS-ICU4C-470690
  • published 2 Oct 2019
  • disclosed 9 Aug 2017
  • credit Unknown
Report a new vulnerability Found a mistake?

Introduced: 9 Aug 2017

CVE-2017-14952 Open this link in a new tab
CWE-415 Open this link in a new tab

How to fix?

There is no fixed version for icu4c.

Overview

icu4c is an International Components for Unicode.

Affected versions of this package are vulnerable to Remote Code Execution (RCE). A malicious user can pass a string to the application to cause a double free that can crash the application or cause arbitrary code to be executed.