icu: Out-of-bounds access in uloc_acceptLanguageFromHTTP (CVE-2016-6293)
The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ does not ensure that there is a '\0' character at the end of a certain temporary array, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument.

This may also need further follow-up fixes; compare with upstream changesets around or later than 39109.
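The bug class behind this advisory is a fixed-size temporary array that is filled from caller-controlled input without a guaranteed terminator, so a later strlen()/strcmp() reads past the array. The following is an added, constructed illustration of that pattern and its hardened form; it is not ICU's code, and the buffer size TMP_LANG_MAX, the function names and the sample Accept-Language values are all assumptions made for the demo. The is_terminated() check is the kind of bounds assertion a reviewer can apply to any such scratch buffer before it is used as a C string.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Size of a hypothetical fixed temporary array; the value is an assumption
 * for this demo, not ICU's actual buffer size. */
#define TMP_LANG_MAX 16

/* Check: does buf hold a '\0' somewhere within its n bytes? Code that later
 * calls strlen()/strcmp() on buf is only safe when this holds. */
int is_terminated(const char *buf, size_t n) {
    return memchr(buf, '\0', n) != NULL;
}

/* Bug pattern (constructed, not ICU's code): strncpy fills the whole array but
 * writes no terminator when the source is at least tmpsize bytes long. */
void copy_lang_unsafe(char *tmp, size_t tmpsize, const char *src) {
    strncpy(tmp, src, tmpsize);
}

/* Hardened copy: always terminates, truncating if needed, and returns -1 on
 * truncation so the caller can reject the over-long value rather than use it. */
int copy_lang_safe(char *tmp, size_t tmpsize, const char *src) {
    size_t n = strlen(src);
    if (tmpsize == 0) return -1;
    if (n >= tmpsize) {
        memcpy(tmp, src, tmpsize - 1);
        tmp[tmpsize - 1] = '\0';
        return -1;
    }
    memcpy(tmp, src, n + 1);        /* n + 1 includes the terminator */
    return 0;
}

/* Run the unsafe copy into a sentinel-filled array and report whether the
 * result is terminated within bounds (1) or not (0). */
int unsafe_leaves_terminator(const char *src) {
    char tmp[TMP_LANG_MAX];
    memset(tmp, 'A', sizeof tmp);   /* sentinel so a stale 0 cannot mask the bug */
    copy_lang_unsafe(tmp, sizeof tmp, src);
    return is_terminated(tmp, sizeof tmp);
}

/* Same check for the hardened copy. */
int safe_leaves_terminator(const char *src) {
    char tmp[TMP_LANG_MAX];
    memset(tmp, 'A', sizeof tmp);
    copy_lang_safe(tmp, sizeof tmp, src);
    return is_terminated(tmp, sizeof tmp);
}

int main(void) {
    /* Constructed Accept-Language values: one shorter than the array, one longer. */
    const char *short_hdr = "en-US,en;q=0.9";
    const char *long_hdr  = "en-US,en;q=0.9,fr-FR;q=0.8,de;q=0.7";
    printf("unsafe copy, short input terminated: %d\n", unsafe_leaves_terminator(short_hdr));
    printf("unsafe copy, long input terminated:  %d\n", unsafe_leaves_terminator(long_hdr));
    printf("safe copy, long input terminated:    %d\n", safe_leaves_terminator(long_hdr));
    return 0;
}
```

The unsafe variant only fails once the input reaches the array size, which is why short test inputs never trigger it and why a fuzzer or a length-boundary unit test (input exactly at and above the buffer size) is the practical way to catch this class before release. The hardened variant also surfaces truncation to the caller instead of silently matching a cut-off language tag.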
(from redmine: issue id 6144, created on 2016-09-13, closed on 2016-10-14)
- Revision a1c3c770 by Natanael Copa on 2016-09-14T14:49:28Z:
main/icu: Security fix (CVE-2016-6293) fixes #6144