Upstream information

CVE-2007-4770 at MITRE

Description

libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 6.8
Vector AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial
SUSE Bugzilla entries: 354372 [RESOLVED / FIXED], 363252 [RESOLVED / FIXED], 417817 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Server 11 SP1
  • libicu >= 4.0-7.24.11
  • libicu-32bit >= 4.0-7.24.11
  • libicu-doc >= 4.0-7.24.11
  • libicu-x86 >= 4.0-7.24.11
SUSE Linux Enterprise Server 11 SP2
  • libicu >= 4.0-7.26.1
  • libicu-32bit >= 4.0-7.26.1
  • libicu-doc >= 4.0-7.26.1
  • libicu-x86 >= 4.0-7.24.11
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP4
  • libicu >= 4.0-7.26.15
  • libicu-32bit >= 4.0-7.26.15
  • libicu-doc >= 4.0-7.26.15
  • libicu-x86 >= 4.0-7.26.15
SUSE Linux Enterprise Software Development Kit 11 SP4
  • icu >= 4.0-7.26.15
  • libicu-32bit >= 4.0-7.26.15
  • libicu-devel >= 4.0-7.26.15
  • libicu-devel-32bit >= 4.0-7.26.15
openSUSE Tumbleweed
  • icu >= 69.1-2.3
  • libicu-devel >= 69.1-2.3
  • libicu-devel-32bit >= 69.1-2.3
  • libicu-doc >= 69.1-2.3
  • libicu69 >= 69.1-2.3
  • libicu69-32bit >= 69.1-2.3
  • libicu69-bedata >= 69.1-2.3
  • libicu69-ledata >= 69.1-2.3
Patchnames:
openSUSE Tumbleweed GA icu-69.1-2.3