Vulnerability CVE-2007-4771

Vulnerability Name:

CVE-2007-4771 (CCN-39936)

Assigned:

2007-09-10

Published:

2008-01-22

Updated:

2018-10-15

Summary:

Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have unspecified other impact via a regular expression that writes a large amount of data to the backtracking stack.
Note: some of these details are obtained from third party information.

CVSS v3 Severity:

5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-399

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2007-4771

Source: CCN
Type: OpenOffice.org Web site
download: OpenOffice.org Downloads

Source: SUSE
Type: Third Party Advisory
SUSE-SR:2008:005

Source: CCN
Type: RHSA-2008-0090
Important: icu security update

Source: REDHAT
Type: Third Party Advisory
RHSA-2008:0090

Source: CCN
Type: SA28575
International Components for Unicode Regular Expressions Vulnerabilities

Source: SECUNIA
Type: Permissions Required
28575

Source: SECUNIA
Type: Permissions Required
28615

Source: SECUNIA
Type: Permissions Required
28669

Source: SECUNIA
Type: Permissions Required
28783

Source: SECUNIA
Type: Permissions Required
29194

Source: SECUNIA
Type: Permissions Required
29242

Source: CCN
Type: SA29291
Sun Solaris ICU Regular Expressions Vulnerabilities

Source: SECUNIA
Type: Permissions Required
29291

Source: SECUNIA
Type: Permissions Required
29294

Source: SECUNIA
Type: Permissions Required
29333

Source: CCN
Type: SA29852
OpenOffice Multiple Vulnerabilities

Source: SECUNIA
Type: Permissions Required
29852

Source: SECUNIA
Type: Permissions Required
29910

Source: CCN
Type: SA29987
Sun StarOffice/StarSuite Multiple Vulnerabilities

Source: SECUNIA
Type: Permissions Required
29987

Source: SECUNIA
Type: Permissions Required
30179

Source: GENTOO
Type: Third Party Advisory
GLSA-200803-20

Source: GENTOO
Type: Third Party Advisory
GLSA-200805-16

Source: CCN
Type: SECTRACK ID: 1019269
ICU Regular Expression Processing Bug May Let Users Execute Arbitrary Code

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1019269

Source: CCN
Type: SourceForge.net: Archive
[icu-support] ICU Patch for bugs in Regular Expressions

Source: MLIST
Type: Third Party Advisory
[icu-support] 20080122 ICU Patch for bugs in Regular Expressions

Source: SUNALERT
Type: Broken Link
231641

Source: SUNALERT
Type: Broken Link
233922

Source: CCN
Type: Sun Alert ID: 231641
Security Vulnerability for ODF Text Documents Containing XForms in StarOffice 8/StarSuite 8

Source: CCN
Type: Sun Alert ID: 233922
Multiple Security Vulnerabilities in ICU 3.2 Library Regular Expression Processing May Cause a Denial of Service (DoS)

Source: CCN
Type: ASA-2008-128
Multiple Security Vulnerabilities in ICU 3.2 Library Regular Expression Processing May Cause a Denial of Service (DoS) (Sun 233922)

Source: CONFIRM
Type: Third Party Advisory
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0043

Source: DEBIAN
Type: Third Party Advisory
DSA-1511

Source: DEBIAN
Type: DSA-1511
libicu -- various

Source: CCN
Type: GLSA-200803-20
International Components for Unicode: Multiple vulnerabilities

Source: MANDRIVA
Type: Broken Link
MDVSA-2008:026

Source: SUSE
Type: Third Party Advisory
SUSE-SA:2008:023

Source: CCN
Type: OpenOffice.org Security Bulletin CVE-2007-4770/4771
Manipulated ODF text documents containing XForms can lead to heap overflows and arbitrary code execution

Source: CONFIRM
Type: Third Party Advisory
http://www.openoffice.org/security/cves/CVE-2007-4770.html

Source: CONFIRM
Type: Third Party Advisory
http://www.openoffice.org/security/cves/CVE-2007-5745.html

Source: BUGTRAQ
Type: UNKNOWN
20080206 rPSA-2008-0043-1 icu

Source: BID
Type: Patch, Third Party Advisory, VDB Entry
27455

Source: CCN
Type: BID-27455
International Components for Unicode Library (libicu) Multiple Memory Corruption Vulnerabilities

Source: CCN
Type: USN-591-1
libicu vulnerabilities

Source: UBUNTU
Type: Third Party Advisory
USN-591-1

Source: VUPEN
Type: Third Party Advisory
ADV-2008-0282

Source: VUPEN
Type: Third Party Advisory
ADV-2008-0807

Source: VUPEN
Type: Third Party Advisory
ADV-2008-1375

Source: CCN
Type: Red Hat Bugzilla Bug 429025
CVE-2007-4771 libicu incomplete interval handling

Source: CONFIRM
Type: Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=429025

Source: XF
Type: Third Party Advisory, VDB Entry
libicu-dointerval-bo(39936)

Source: XF
Type: UNKNOWN
libicu-dointerval-bo(39936)

Source: CONFIRM
Type: Third Party Advisory
https://issues.rpath.com/browse/RPL-2199

Source: OVAL
Type: Third Party Advisory
oval:org.mitre.oval:def:10507

Source: OVAL
Type: Third Party Advisory
oval:org.mitre.oval:def:5431

Source: FEDORA
Type: Third Party Advisory
FEDORA-2008-1036

Source: FEDORA
Type: Third Party Advisory
FEDORA-2008-1076

Source: SUSE
Type: SUSE-SA:2008:023
OpenOffice.org security problems

Source: SUSE
Type: SUSE-SR:2008:005
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:icu-project:international_components_for_unicode:*:*:*:*:*:c/c++:*:* (Version <= 3.8.1)

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20074771	V	CVE-2007-4771	2022-05-20
oval:org.opensuse.security:def:42361	P	Security update for slirp4netns (Moderate)	2022-03-24
oval:org.opensuse.security:def:26222	P	Security update for virglrenderer (Important) (in QA)	2022-01-17
oval:org.opensuse.security:def:33116	P	Security update for libvirt (Important)	2022-01-10
oval:org.opensuse.security:def:31722	P	Security update for xorg-x11-server (Important)	2021-12-20
oval:org.opensuse.security:def:32241	P	Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP3) (Important)	2021-12-14
oval:org.opensuse.security:def:26183	P	Security update for xorg-x11-server (Important)	2021-12-14
oval:org.opensuse.security:def:26173	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:31304	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important)	2021-11-19
oval:org.opensuse.security:def:26167	P	Security update for php72 (Moderate)	2021-11-19
oval:org.opensuse.security:def:32197	P	Security update for glibc (Moderate)	2021-10-06
oval:org.opensuse.security:def:26134	P	Security update for the Linux Kernel (Important)	2021-09-23
oval:org.opensuse.security:def:31274	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important)	2021-09-23
oval:org.opensuse.security:def:31672	P	Security update for unrar (Moderate)	2021-08-25
oval:org.opensuse.security:def:32175	P	Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP3) (Important)	2021-08-25
oval:org.opensuse.security:def:31670	P	Security update for python-PyYAML (Important)	2021-08-24
oval:org.opensuse.security:def:31666	P	Security update for MozillaFirefox (Important)	2021-08-17
oval:org.opensuse.security:def:31659	P	Security update for qemu (Important)	2021-07-29
oval:org.opensuse.security:def:31658	P	Security update for the Linux Kernel (Important)	2021-07-22
oval:org.opensuse.security:def:31230	P	Security update for linuxptp (Important)	2021-07-21
oval:org.opensuse.security:def:31218	P	Security update for libsolv (Important)	2021-06-28
oval:org.opensuse.security:def:32136	P	Security update for arpwatch (Important)	2021-06-28
oval:org.opensuse.security:def:26083	P	Security update for zziplib (Moderate)	2021-06-25
oval:org.opensuse.security:def:26081	P	Security update for libgcrypt (Important)	2021-06-24
oval:org.opensuse.security:def:26077	P	Security update for apache2 (Important)	2021-06-17
oval:org.opensuse.security:def:31639	P	Security update for freeradius-server (Moderate)	2021-06-11
oval:org.opensuse.security:def:32112	P	Security update for libX11 (Important)	2021-06-08
oval:org.opensuse.security:def:42599	P	libicu-32bit-4.0-7.26.15 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36192	P	libicu-32bit-4.0-7.26.15 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36420	P	icu-4.0-7.26.15 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:32918	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:32087	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:26033	P	Security update for ImageMagick (Moderate)	2021-04-20
oval:org.opensuse.security:def:26026	P	Security update for cifs-utils (Moderate)	2021-04-13
oval:org.opensuse.security:def:31142	P	Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important)	2021-04-07
oval:org.opensuse.security:def:31366	P	Security update for wavpack (Important)	2021-03-24
oval:org.opensuse.security:def:42158	P	Security update for glib2 (Important)	2021-03-12
oval:org.opensuse.security:def:42157	P	Security update for openssl-1_1 (Moderate)	2021-03-09
oval:org.opensuse.security:def:32268	P	Security update for openldap2 (Important)	2021-03-03
oval:org.opensuse.security:def:31731	P	Security update for java-1_7_1-ibm (Important)	2021-02-18
oval:org.opensuse.security:def:31744	P	Security update for MozillaFirefox (Important)	2021-01-12
oval:org.opensuse.security:def:31219	P	Security update for openssh (Moderate)	2021-01-05
oval:org.opensuse.security:def:26045	P	Security update for gimp (Moderate)	2021-01-04
oval:org.opensuse.security:def:25981	P	Security update for PackageKit (Low)	2020-12-22
oval:org.opensuse.security:def:25980	P	Security update for MozillaFirefox (Critical)	2020-12-21
oval:org.opensuse.security:def:25970	P	Security update for gdm (Important)	2020-12-03
oval:org.opensuse.security:def:35954	P	libicu-32bit-4.0-7.26.15 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35588	P	libicu-32bit-4.0-7.24.11 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:25969	P	Security update for xen (Important)	2020-12-03
oval:org.opensuse.security:def:35750	P	libicu-32bit-4.0-7.24.11 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35751	P	libicu-32bit-4.0-7.26.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:41995	P	libicu-32bit-4.0-7.24.11 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:25586	P	Security update for libvirt (Important)	2020-12-01
oval:org.opensuse.security:def:31828	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:26236	P	Security update for libvpx (Moderate)	2020-12-01
oval:org.opensuse.security:def:33155	P	libicu-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25945	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:26687	P	e2fsprogs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26750	P	libicu-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25727	P	Security update for libzypp (Moderate)	2020-12-01
oval:org.opensuse.security:def:31933	P	Security update for glibc (Moderate)	2020-12-01
oval:org.opensuse.security:def:27155	P	kde4-kgreeter-plugins on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32324	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:26745	P	libexiv2-4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25931	P	Security update for libcares2 (Low)	2020-12-01
oval:org.opensuse.security:def:31994	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:25302	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:26318	P	Security update for MozillaThunderbird (Moderate)	2020-12-01
oval:org.opensuse.security:def:32412	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:32553	P	libicu-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25741	P	Security update for vino (Moderate)	2020-12-01
oval:org.opensuse.security:def:31510	P	Security update for libX11 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26019	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:32879	P	gvim on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25377	P	Security update for grub2 (Important)	2020-12-01
oval:org.opensuse.security:def:31788	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:26420	P	Security update for phpMyAdmin (Moderate)	2020-12-01
oval:org.opensuse.security:def:26553	P	gd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25753	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:25481	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31057	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25789	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:32031	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26473	P	Security update for Chromium (Important)	2020-12-01
oval:org.opensuse.security:def:31421	P	Security update for php53 (Important)	2020-12-01
oval:org.opensuse.security:def:25716	P	Security update for librsvg (Moderate)	2020-12-01
oval:org.opensuse.security:def:31810	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26953	P	libicu-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25139	P	Security update for sqlite3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25930	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:27383	P	ctdb-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31433	P	Security update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26311	P	Security update for openstack-nova and openstack-neutron (Moderate)	2020-12-01
oval:org.opensuse.security:def:25818	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:32038	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25151	P	Security update for file-roller (Low)	2020-12-01
oval:org.opensuse.security:def:31528	P	Security update for ruby (Moderate)	2020-12-01
oval:org.opensuse.security:def:25505	P	Security update for python-PyYAML (Important)	2020-12-01
oval:org.opensuse.security:def:31876	P	Security update for dhcp (Moderate)	2020-12-01
oval:org.opensuse.security:def:26546	P	findutils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25871	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:32715	P	libicu-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25343	P	Security update for kernel-firmware (Important)	2020-12-01
oval:org.opensuse.security:def:25580	P	Security update for LibVNCServer (Important)	2020-12-01
oval:org.opensuse.security:def:32025	P	Security update for kernel-source (Important)	2020-12-01
oval:org.opensuse.security:def:26648	P	wget on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26715	P	gtk2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25643	P	Security update for hunspell (Low)	2020-12-01
oval:org.opensuse.security:def:31884	P	Security update for dosfstools (Moderate)	2020-12-01
oval:org.opensuse.security:def:26280	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:26701	P	ft2demos on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25878	P	Security update for libqt4 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31972	P	Security update for jakarta-commons-fileupload (Important)	2020-12-01
oval:org.opensuse.security:def:27190	P	libicu-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25301	P	Security update for grub2 (Important)	2020-12-01
oval:org.opensuse.security:def:32373	P	Security update for tcpdump (Important)	2020-12-01
oval:org.opensuse.security:def:32514	P	ft2demos on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31423	P	Security update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25313	P	Security update for perl-DBI (Important)	2020-12-01
oval:org.opensuse.security:def:26371	P	Security update for Chromium (Important)	2020-12-01
oval:org.opensuse.security:def:32434	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:25742	P	Security update for ceph (Important)	2020-12-01
oval:org.opensuse.security:def:25424	P	Security update for ucode-intel (Moderate)	2020-12-01
oval:org.opensuse.security:def:31056	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25708	P	Security update for mariadb-100 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31875	P	Security update for dbus-1 (Important)	2020-12-01
oval:org.opensuse.security:def:26459	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:26588	P	libicu-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25817	P	Security update for pidgin-otr (Important)	2020-12-01
oval:org.opensuse.security:def:25565	P	Security update for SUSE Manager Client Tools (Moderate)	2020-12-01
oval:org.opensuse.security:def:31771	P	Security update for MozillaFirefox, MozillaFirefox-branding-SLED, firefox-gcc5, mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:26918	P	ibutils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31068	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25846	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:26517	P	NetworkManager-gnome on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31422	P	Security update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26254	P	Security update for dia (Moderate)	2020-12-01
oval:org.opensuse.security:def:25769	P	Security update for gd (Low)	2020-12-01
oval:org.opensuse.security:def:31832	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:25140	P	Security update for xmltooling (Moderate)	2020-12-01
oval:org.opensuse.security:def:31436	P	Security update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:27418	P	icu on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25504	P	Security update for libvirt (Important)	2020-12-01
oval:org.opensuse.security:def:31507	P	Security update for python27 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26395	P	Security update for MozillaThunderbird (Important)	2020-12-01
oval:org.opensuse.security:def:25857	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:32676	P	gnutls on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25215	P	Security update for systemd (Moderate)	2020-12-01
oval:org.opensuse.security:def:31585	P	Security update for tcpdump (Moderate)	2020-12-01
oval:org.opensuse.security:def:32478	P	Security update for zsh (Moderate)	2020-12-01
oval:org.opensuse.security:def:25516	P	Security update for file-roller (Moderate)	2020-12-01
oval:org.opensuse.security:def:31968	P	Security update for ipmitool (Important)	2020-12-01
oval:org.opensuse.security:def:26599	P	libpython2_6-1_0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25915	P	Security update for libosip2 (Moderate)	2020-12-01
oval:org.mitre.oval:def:17696	P	USN-591-1 -- icu vulnerabilities	2014-06-30
oval:org.mitre.oval:def:18778	P	DSA-1511-1 icu - multiple problems	2014-06-23
oval:org.mitre.oval:def:8243	P	DSA-1511 libicu -- various	2014-06-23
oval:org.mitre.oval:def:21714	P	ELSA-2008:0090: icu security update (Important)	2014-05-26
oval:org.mitre.oval:def:10507	V	Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have unspecified other impact via a regular expression that writes a large amount of data to the backtracking stack. NOTE: some of these details are obtained from third party information.	2013-04-29
oval:org.mitre.oval:def:5431	V	Multiple Security Vulnerabilities in ICU 3.2 Library Regular Expression Processing May Cause a Denial of Service (DoS)	2008-04-21
oval:com.redhat.rhsa:def:20080090	P	RHSA-2008:0090: icu security update (Important)	2008-01-28

BACK