CVE-2014-9911: Buffer Overflow
First published: Tue Oct 11 2016(Updated: )
A locale string of more than 255 characters passed to uloc_getDisplayName() could overflow a buffer on the stack, leading a crash or, potentially, code execution. Upstream patch: <a href="http://bugs.icu-project.org/trac/changeset/35699">http://bugs.icu-project.org/trac/changeset/35699</a> Upstream issue (private as at 2016-10-11): <a href="http://bugs.icu-project.org/trac/ticket/10891">http://bugs.icu-project.org/trac/ticket/10891</a>
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/icu | <54.1 | 54.1 |
| ICU (International Components for Unicode) | <54.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bugs.icu-project.org/trac/changeset/35699
- http://bugs.icu-project.org/trac/ticket/10891
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1065838
- https://bugs.php.net/bug.php?id=67397
- http://bugs.icu-project.org/trac/ticket/11936
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1397625
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1397626
- http://seclists.org/oss-sec/2016/q4/525
- https://access.redhat.com/security/cve/CVE-2014-9912
- https://access.redhat.com/security/cve/CVE-2016-6294
- https://bugzilla.redhat.com/show_bug.cgi?id=1383569
- http://bugs.icu-project.org/trac/ticket/1089
- http://www.openwall.com/lists/oss-security/2016/11/25/1
- http://www.securityfocus.com/bid/94520
- http://www.securitytracker.com/id/1037556
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Frequently Asked Questions
What is the severity of CVE-2014-9911?
CVE-2014-9911 is considered a high severity vulnerability due to the potential for code execution or crash.
How do I fix CVE-2014-9911?
To fix CVE-2014-9911, update the ICU package to version 54.1 or later.
What platforms are affected by CVE-2014-9911?
CVE-2014-9911 affects versions of the ICU libraries up to 54.1 across various platforms.
What is CVE-2014-9911?
CVE-2014-9911 is a vulnerability that allows a buffer overflow due to locale strings exceeding 255 characters.
Can CVE-2014-9911 lead to data compromise?
Yes, CVE-2014-9911 can potentially lead to data compromise through unauthorized code execution.
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/last-modified-date
- agent/remedy
- agent/weakness
- agent/author
- agent/event
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-9911
- agent/software-canonical-lookup
- agent/trending
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/icu-project
- canonical/icu (international components for unicode)