CVE-2017-15422

Published: Aug 28, 2018Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Affected (10)

Products: Google: Chrome · Icu Project: International Components For Unicode · Debian: Debian Linux · +2 more

Show all products

Google: Chrome · Icu Project: International Components For Unicode · Debian: Debian Linux · Canonical: Ubuntu Linux · Redhat: Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation

1 product

1 product

International Components For Unicode

1 product

1 product

3 products

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Workstation

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Google Chrome	Before 63.0.3239.84

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Icu Project International Components For Unicode	Before 60.1

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Configuration D

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 17.10

Configuration E

3 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 6.0
Redhat Enterprise Linux Server	Version 6.0
Redhat Enterprise Linux Workstation	Version 6.0

Related CWEs

Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

References (12)

https://access.redhat.com/errata/RHSA-2017:3401

Source: chrome-cve-admin@google.com

https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html

Source: chrome-cve-admin@google.com

https://crbug.com/774382

Source: chrome-cve-admin@google.com

https://security.gentoo.org/glsa/201801-03

Source: chrome-cve-admin@google.com

https://usn.ubuntu.com/3610-1/

Source: chrome-cve-admin@google.com

https://www.debian.org/security/2018/dsa-4150

Source: chrome-cve-admin@google.com

https://access.redhat.com/errata/RHSA-2017:3401

Source: af854a3a-2127-422b-91ae-364da2661108

https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://crbug.com/774382

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/201801-03

Source: af854a3a-2127-422b-91ae-364da2661108

https://usn.ubuntu.com/3610-1/

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.debian.org/security/2018/dsa-4150

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.