Remote Code Execution (RCE) Affecting icu4c Open this link in a new tab package, versions >=0.0.0


0.0
critical
  • Attack Complexity

    Low

  • Confidentiality

    High

  • Integrity

    High

  • Availability

    High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id

    SNYK-COCOAPODS-ICU4C-470690

  • published

    2 Oct 2019

  • disclosed

    9 Aug 2017

  • credit

    Unknown

How to fix?

There is no fixed version for icu4c.

Overview

icu4c is an International Components for Unicode.

Affected versions of this package are vulnerable to Remote Code Execution (RCE). A malicious user can pass a string to the application to cause a double free that can crash the application or cause arbitrary code to be executed.