CVE-2017-17484

Published: October 12, 2017
The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC.
CRITICAL
CVSS v3: 9.8

Status

DocFilters Release Package State Justification Comment
25.1 international_components_for_unicode (58.1) Not Affected Code Not Reachable Unused code block. Only occurs when converting from UTF8 to UTF8 which is avoided for performance reasons
24.4 international_components_for_unicode (58.1) Not Affected Code Not Reachable Unused code block. Only occurs when converting from UTF8 to UTF8 which is avoided for performance reasons
24.4.0 international_components_for_unicode (58.1) Not Affected Code Not Reachable Unused code block. Only occurs when converting from UTF8 to UTF8 which is avoided for performance reasons
24.3 international_components_for_unicode (58.1) Not Affected Code Not Reachable Unused code block. Only occurs when converting from UTF8 to UTF8 which is avoided for performance reasons
24.2.1 international_components_for_unicode (58.1) Not Affected Code Not Reachable Unused code block. Only occurs when converting from UTF8 to UTF8 which is avoided for performance reasons
24.2 international_components_for_unicode (58.1) Not Affected Code Not Reachable Unused code block. Only occurs when converting from UTF8 to UTF8 which is avoided for performance reasons
24.1 international_components_for_unicode (58.1) Not Affected Code Not Reachable Unused code block. Only occurs when converting from UTF8 to UTF8 which is avoided for performance reasons
23.3 international_components_for_unicode (58.1) Not Affected Code Not Reachable Unused code block. Only occurs when converting from UTF8 to UTF8 which is avoided for performance reasons
23.2.1 international_components_for_unicode (58.1) Not Affected Code Not Reachable Unused code block. Only occurs when converting from UTF8 to UTF8 which is avoided for performance reasons
23.2 international_components_for_unicode (58.1) Not Affected Code Not Reachable Unused code block. Only occurs when converting from UTF8 to UTF8 which is avoided for performance reasons
23.1 international_components_for_unicode (58.1) Not Affected Code Not Reachable Unused code block. Only occurs when converting from UTF8 to UTF8 which is avoided for performance reasons
22.4 international_components_for_unicode (58.1) Not Affected Code Not Reachable Unused code block. Only occurs when converting from UTF8 to UTF8 which is avoided for performance reasons
22.3 international_components_for_unicode (58.1) Not Affected Unused code block. Only occurs when converting from UTF8 to UTF8 which is avoided for performance reasons
22.2 international_components_for_unicode (58.1) Not Affected Unused code block. Only occurs when converting from UTF8 to UTF8 which is avoided for performance reasons
22.1 international_components_for_unicode (58.1) Not Affected Unused code block. Only occurs when converting from UTF8 to UTF8 which is avoided for performance reasons
21.11.1 international_components_for_unicode (58.1) Not Affected Unused code block. Only occurs when converting from UTF8 to UTF8 which is avoided for performance reasons
21.11 international_components_for_unicode (58.1) Not Affected Unused code block. Only occurs when converting from UTF8 to UTF8 which is avoided for performance reasons
21.8.1 international_components_for_unicode (58.1) Not Affected Unused code block. Only occurs when converting from UTF8 to UTF8 which is avoided for performance reasons
21.8 international_components_for_unicode (58.1) Not Affected Unused code block. Only occurs when converting from UTF8 to UTF8 which is avoided for performance reasons
21.5.1 international_components_for_unicode (58.1) Not Affected Unused code block. Only occurs when converting from UTF8 to UTF8 which is avoided for performance reasons
21.5.0 international_components_for_unicode (58.1) Not Affected Unused code block. Only occurs when converting from UTF8 to UTF8 which is avoided for performance reasons
21.2.0 international_components_for_unicode (58.1) Not Affected Unused code block. Only occurs when converting from UTF8 to UTF8 which is avoided for performance reasons
11.4.20 international_components_for_unicode (58.1) Not Affected Unused code block. Only occurs when converting from UTF8 to UTF8 which is avoided for performance reasons
11.4.19.3667 international_components_for_unicode (58.1) Not Affected Unused code block. Only occurs when converting from UTF8 to UTF8 which is avoided for performance reasons
11.4.18.3599 international_components_for_unicode (58.1) Not Affected Unused code block. Only occurs when converting from UTF8 to UTF8 which is avoided for performance reasons
11.4.17 international_components_for_unicode (58.1) Needs Triage
11.4.16.3445 international_components_for_unicode (58.1) Needs Triage
11.4.15.3368 international_components_for_unicode (58.1) Needs Triage
11.4.14.3263 international_components_for_unicode (58.1) Needs Triage
11.4.13.3179 international_components_for_unicode (58.1) Needs Triage
11.4.12.3054 international_components_for_unicode (58.1) Needs Triage
11.4.11.3040 international_components_for_unicode (58.1) Needs Triage
11.4.11.2990 international_components_for_unicode (58.1) Needs Triage
11.4.10.2934 international_components_for_unicode (58.1) Needs Triage
11.4.9.2878 international_components_for_unicode (58.1) Needs Triage
11.4.8.2822 international_components_for_unicode (58.1) Needs Triage

Severity score breakdown

Attack Complexity
LOW
Attack Vector
NETWORK
Availability Impact
HIGH
Base Score
9.8
Base Severity
CRITICAL
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Privileges Required
NONE
Scope
UNCHANGED
User Interaction
NONE
Vector String
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version
3.0

References