Buffer Overflow Affecting icu4c package, versions >=0.0.0


0.0
critical

Snyk CVSS

    Attack Complexity Low
    Confidentiality High
    Integrity High
    Availability High
Expand this section
NVD
9.8 critical
Expand this section
RHEL
7.3 high

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-COCOAPODS-ICU4C-470693
  • published 2 Oct 2019
  • disclosed 6 Dec 2017
  • credit Unknown

How to fix?

There is no fixed version for icu4c.

Overview

icu4c is an International Components for Unicode.

Affected versions of this package are vulnerable to Buffer Overflow. A malicious user can pass a string to the ucnv_UTF8FromUTF8 function in ucnv_u8.cpp to cause a buffer overflow that can crash the application or cause arbitrary code to be executed.