CVE-2014-9654

Published: Apr 24, 2017Modified: May 13, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The Regular Expressions package in International Components for Unicode (ICU) for C/C++ before 2014-12-03, as used in Google Chrome before 40.0.2214.91, calculates certain values without ensuring that they can be represented in a 24-bit field, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted string, a related issue to CVE-2014-7923.

Affected (2)

Products: Google: Chrome · Icu Project: International Components For Unicode

1 product

1 product

International Components For Unicode

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Google Chrome	Up to 40.0.2214.85

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Icu Project International Components For Unicode	Before 55.1

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (18)

http://bugs.icu-project.org/trac/changeset/36801

Source: secalert@redhat.com

Issue Tracking

http://bugs.icu-project.org/trac/ticket/11371

Source: secalert@redhat.com

Issue TrackingVendor Advisory

http://openwall.com/lists/oss-security/2015/02/05/15

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

Source: secalert@redhat.com

http://www.securitytracker.com/id/1035410

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://chromium.googlesource.com/chromium/deps/icu/+/dd727641e190d60e4593bcb3a35c7f51eb4925c5

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://code.google.com/p/chromium/issues/detail?id=432209

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://security.gentoo.org/glsa/201503-06

Source: secalert@redhat.com

Third Party Advisory

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Source: secalert@redhat.com

http://bugs.icu-project.org/trac/changeset/36801

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

http://bugs.icu-project.org/trac/ticket/11371

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

http://openwall.com/lists/oss-security/2015/02/05/15

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1035410

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://chromium.googlesource.com/chromium/deps/icu/+/dd727641e190d60e4593bcb3a35c7f51eb4925c5

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://code.google.com/p/chromium/issues/detail?id=432209

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://security.gentoo.org/glsa/201503-06

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.