[3.1] icu: Out-of-bounds access in uloc_acceptLanguageFromHTTP (CVE-2016-6293)
The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in
International Components for Unicode (ICU) through 57.1 for C/C does not
ensure that there is a ‘\0’ character at the end of a certain temporary
array, which allows remote attackers to cause a denial of service
(out-of-bounds read)
or possibly have unspecified other impact via a call with a long
httpAcceptLanguage argument.
Reference:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6293
Patch:
http://bugs.icu-project.org/trac/changeset/39109
And possibly needs some more follow-up fixes, cf. with upstream
changes
around/later than changeset 39109.
(from redmine: issue id 6149, created on 2016-09-13, closed on 2016-10-14)
- Relations:
- parent #6144 (closed)