First published: Wed Dec 06 2017(Updated: )
Integer overflow in international date handling in International Components for Unicode (ICU) allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Credit: Yuan Deng Ant cve-coordination@google.com chrome-cve-admin@google.com
Affected Software | Affected Version | How to fix |
---|---|---|
ubuntu/chromium-browser | <63.0.3239.84-0ubuntu0.17.10.1 | 63.0.3239.84-0ubuntu0.17.10.1 |
ubuntu/chromium-browser | <63.0.3239.84-0ubuntu1 | 63.0.3239.84-0ubuntu1 |
ubuntu/chromium-browser | <63.0.3239.84-0ubuntu1 | 63.0.3239.84-0ubuntu1 |
ubuntu/chromium-browser | <63.0.3239.84-0ubuntu0.14.04.1 | 63.0.3239.84-0ubuntu0.14.04.1 |
ubuntu/chromium-browser | <63.0.3239.84 | 63.0.3239.84 |
ubuntu/chromium-browser | <63.0.3239.84-0ubuntu0.16.04.1 | 63.0.3239.84-0ubuntu0.16.04.1 |
ubuntu/chromium-browser | <63.0.3239.84-0ubuntu0.17.04.1 | 63.0.3239.84-0ubuntu0.17.04.1 |
ubuntu/icu | <57.1-6ubuntu0.3 | 57.1-6ubuntu0.3 |
ubuntu/icu | <52.1-3ubuntu0.8 | 52.1-3ubuntu0.8 |
ubuntu/icu | <55.1-7ubuntu0.4 | 55.1-7ubuntu0.4 |
debian/icu | 63.1-6+deb10u3 63.1-6+deb10u2 67.1-7 72.1-3 72.1-4 | |
redhat/chromium-browser | <63.0.3239.84 | 63.0.3239.84 |
macOS High Sierra | <10.13.2 | 10.13.2 |
macOS High Sierra | ||
Apple El Capitan | ||
Apple iTunes | <12.7.2 | 12.7.2 |
Google Chrome | <63.0.3239.84 | |
ICU (International Components for Unicode) | <60.1 | |
Debian | =8.0 | |
Debian | =9.0 | |
Ubuntu | =14.04 | |
Ubuntu | =16.04 | |
Ubuntu | =17.10 | |
redhat enterprise Linux desktop | =6.0 | |
redhat enterprise Linux server | =6.0 | |
redhat enterprise Linux workstation | =6.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
The vulnerability ID for this issue is CVE-2017-15422.
The severity of CVE-2017-15422 is medium (6.5).
The software products affected by CVE-2017-15422 include Google Chrome, ICU, macOS High Sierra, Sierra, El Capitan, and Ubuntu Chromium browser, among others.
A remote attacker can exploit CVE-2017-15422 by using a crafted HTML page to perform an out of bounds memory read.
You can find more information about CVE-2017-15422 at the following references: [link1], [link2], [link3].