[3.4] icu: Stack based buffer overflow in locid.cpp (CVE-2016-7415)
Stack-based buffer overflow in the Locale class in common/locid.cpp in
International Components for Unicode (ICU) through 57.1 for C/C++ allows
remote attackers to cause a denial of service (application crash) or
possibly have unspecified other impact via a long locale string.
Fixed In Version:
icu 58.1
References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7415
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7415
Upstream bug (private):
http://bugs.icu-project.org/trac/ticket/12745
No patch available.
(from redmine: issue id 6549, created on 2016-12-19, closed on 2016-12-29)
- Relations:
  - parent #6547 (closed)
- Changesets:
  - Revision 1fa78865 on 2016-12-27T08:26:19Z:
    main/icu: security fix (CVE-2016-7415). Fixes #6549
  - Revision 717cf36f on 2016-12-27T14:22:53Z:
    main/icu: security fix (CVE-2016-7415). Fixes #6549