CVE-2014-9654: Buffer Overflow

Reference Links

• https://exchange.xforce.ibmcloud.com/vulnerabilities/110456
• https://www.ibm.com/support/pages/node/1073530 (Advisory)
• http://bugs.icu-project.org/trac/changeset/36801
• http://bugs.icu-project.org/trac/ticket/11371
• http://openwall.com/lists/oss-security/2015/02/05/15
• http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
• http://www.securitytracker.com/id/1035410
• https://chromium.googlesource.com/chromium/deps/icu/+/dd727641e190d60e4593bcb3a35c7f51eb4925c5
• https://code.google.com/p/chromium/issues/detail?id=432209
• https://security.gentoo.org/glsa/201503-06
• https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Parent vulnerabilities

(Appears in the following advisories)

• IBM-1073530

Frequently Asked Questions

• What is the severity of CVE-2014-9654?

  CVE-2014-9654 has a high severity rating due to its potential to allow remote code execution.

• How do I fix CVE-2014-9654?

  To fix CVE-2014-9654, update Google Chrome to version 40.0.2214.86 or later and update ICU to version 55.1 or later.

• Who is affected by CVE-2014-9654?

  CVE-2014-9654 affects users of Google Chrome versions up to 40.0.2214.85 and ICU versions below 55.1.

• What types of attacks can exploit CVE-2014-9654?

  CVE-2014-9654 can be exploited through specially crafted data that triggers improper size limit checks in regular expressions.

• Is CVE-2014-9654 easily exploitable?

  Due to the nature of the vulnerability, CVE-2014-9654 can be easily exploited by an attacker with malicious intent.