Vulnerabilities > CVE-2014-8146 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Exploit-Db
| description | ICU library 52 < 54 - Multiple Vulnerabilities. CVE-2014-8146,CVE-2014-8147. Local exploit for Multiple platform |
| id | EDB-ID:43887 |
| last seen | 2018-01-25 |
| modified | 2015-06-10 |
| published | 2015-06-10 |
| reporter | Exploit-DB |
| source | https://www.exploit-db.com/download/43887/ |
| title | ICU library 52 < 54 - Multiple Vulnerabilities |
Nessus
NASL family MacOS X Local Security Checks NASL id MACOSX_10_11.NASL description The remote host is running a version of Mac OS X that is 10.6.8 or later but prior to 10.11. It is, therefore, affected by multiple vulnerabilities in the following components : - Address Book - AirScan - apache_mod_php - Apple Online Store Kit - AppleEvents - Audio - bash - Certificate Trust Policy - CFNetwork Cookies - CFNetwork FTPProtocol - CFNetwork HTTPProtocol - CFNetwork Proxies - CFNetwork SSL - CoreCrypto - CoreText - Dev Tools - Disk Images - dyld - EFI - Finder - Game Center - Heimdal - ICU - Install Framework Legacy - Intel Graphics Driver - IOAudioFamily - IOGraphics - IOHIDFamily - IOStorageFamily - Kernel - libc - libpthread - libxpc - Login Window - lukemftpd - Mail - Multipeer Connectivity - NetworkExtension - Notes - OpenSSH - OpenSSL - procmail - remote_cmds - removefile - Ruby - Safari - Safari Downloads - Safari Extensions - Safari Safe Browsing - Security - SMB - SQLite - Telephony - Terminal - tidy - Time Machine - WebKit - WebKit CSS - WebKit JavaScript Bindings - WebKit Page Loading - WebKit Plug-ins Note that successful exploitation of the most serious issues can result in arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 86270 published 2015-10-05 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86270 title Mac OS X < 10.11 Multiple Vulnerabilities (GHOST) NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-2318-1.NASL description icu was updated to fix two security issues. These security issues were fixed : - CVE-2014-8147: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) used an integer data type that is inconsistent with a header file, which allowed remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text (bsc#929629). - CVE-2014-8146: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) did not properly track directionally isolated pieces of text, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text (bsc#929629). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 102912 published 2017-09-01 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102912 title SUSE SLED12 / SLES12 Security Update : icu (SUSE-SU-2017:2318-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2015-953.NASL description Qt 5 was updated to the 5.5.1 release to deliver upstream improvements and fixes to Qt functionality. The following Security fixes are contained in QtWebEngineCore : - ICU: CVE-2014-8146, CVE-2014-8147 - Blink: CVE-2015-1284, CVE-2015-1291, CVE-2015-1292 - Skia: CVE-2015-1294 - V8: CVE-2015-1290 The following packages were rebuilt because they use private headers : - calibre - fcitx-qt5 - frameworkintegration - kwayland - kwin5, - lxqt-powermanagement - lxqt-qtplugin last seen 2020-06-05 modified 2015-12-29 plugin id 87627 published 2015-12-29 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/87627 title openSUSE Security Update : Qt 5 (openSUSE-2015-953) NASL family Windows NASL id ITUNES_12_3_0.NASL description The version of Apple iTunes installed on the remote Windows host is prior to 12.3. It is, therefore, affected by multiple vulnerabilities in the bundled versions of WebKit, CoreText, the Microsoft Visual Studio C++ Redistributable Package, and ICU. Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 86001 published 2015-09-18 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86001 title Apple iTunes < 12.3 Multiple Vulnerabilities (credentialed check) NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-1011.NASL description icu was updated to fix two security issues. These security issues were fixed : - CVE-2014-8147: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) used an integer data type that is inconsistent with a header file, which allowed remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text (bsc#929629). - CVE-2014-8146: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) did not properly track directionally isolated pieces of text, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text (bsc#929629). This update was imported from the SUSE:SLE-12:Update update project. last seen 2020-06-05 modified 2017-09-06 plugin id 102967 published 2017-09-06 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102967 title openSUSE Security Update : icu (openSUSE-2017-1011) NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-517.NASL description icu was updated to fix two security issues. These security issues were fixed : - CVE-2014-8147: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) used an integer data type that is inconsistent with a header file, which allowed remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text (bsc#929629). - CVE-2014-8146: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) did not properly track directionally isolated pieces of text, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text (bsc#929629). - CVE-2016-6293: The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) for C/C++ did not ensure that there is a last seen 2020-06-05 modified 2018-05-25 plugin id 110107 published 2018-05-25 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110107 title openSUSE Security Update : icu (openSUSE-2018-517) NASL family SuSE Local Security Checks NASL id SUSE_SU-2015-1915-1.NASL description This update brings LibreOffice to version 5.0.2, a major version update. It brings lots of new features, bugfixes and also security fixes. Features as seen on http://www.libreoffice.org/discover/new-features/ - LibreOffice 5.0 ships an impressive number of new features for its spreadsheet module, Calc: complex formulae image cropping, new functions, more powerful conditional formatting, table addressing and much more. Calc last seen 2020-06-01 modified 2020-06-02 plugin id 86757 published 2015-11-05 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86757 title SUSE SLED12 / SLES12 Security Update : Recommended update for LibreOffice (SUSE-SU-2015:1915-1) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3323.NASL description Several vulnerabilities were discovered in the International Components for Unicode (ICU) library. - CVE-2014-8146 The Unicode Bidirectional Algorithm implementation does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text. - CVE-2014-8147 The Unicode Bidirectional Algorithm implementation uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text. - CVE-2015-4760 The Layout Engine was missing multiple boundary checks. These could lead to buffer overflows and memory corruption. A specially crafted file could cause an application using ICU to parse untrusted font files to crash and, possibly, execute arbitrary code. Additionally, it was discovered that the patch applied to ICU in DSA-3187-1 for CVE-2014-6585 was incomplete, possibly leading to an invalid memory access. This could allow remote attackers to disclose portion of private memory via crafted font files. last seen 2020-06-01 modified 2020-06-02 plugin id 85162 published 2015-08-03 reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85162 title Debian DSA-3323-1 : icu - security update NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-0324-1.NASL description This update brings LibreOffice to version 5.0.4, a major version update. It brings lots of new features, bug fixes and also security fixes. Features as seen on http://www.libreoffice.org/discover/new-features/ - LibreOffice 5.0 ships an impressive number of new features for its spreadsheet module, Calc: complex formulae image cropping, new functions, more powerful conditional formatting, table addressing and much more. Calc last seen 2020-06-01 modified 2020-06-02 plugin id 88575 published 2016-02-04 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/88575 title SUSE SLED11 Security Update : Recommended update for LibreOffice (SUSE-SU-2016:0324-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-273.NASL description This update for LibreOffice and some library dependencies (cmis-client, libetonyek, libmwaw, libodfgen, libpagemaker, libreoffice-share-linker, mdds, libwps) fixes the following issues : Changes in libreoffice : - Provide l10n-pt from pt-PT - boo#945047 - LO-L3: LO is duplicating master pages, extended fix - boo#951579 - LO-L3: [LibreOffice] Calc 5.0 fails to open ods files - deleted RPATH prevented loading of bundled 3rd party RDF handler libs - Version update to 5.0.4.2 : - Final of the 5.0.4 series - boo#945047 - LO-L3: LO is duplicating master pages - Version update to 5.0.4.1 : - rc1 of 5.0.4 with various regression fixes - boo#954345 - LO-L3: Insert-->Image-->Insert as Link hangs writer - Version update to 5.0.3.2 : - Final tag of 5.0.3 release - Fix boo#939996 - LO-L3: Some bits from DOCX file are not imported - Fix boo#889755 - LO-L3: PPTX: chart axis number format incorrect - boo#679938 - LO-L3: saving to doc file the chapter name in the header does not change with chapters - Version update to 5.0.3RC1 as it should fix i586 test failure - Update text2number extension to 1.5.0 - obsolete libreoffice-mono - pentaho-flow-reporting require is conditional on system_libs - Update icon theme dependencies - https://lists.debian.org/debian-openoffice/2015/09/msg00343.html - Version bump to 5.0.2 final fate#318856 fate#319071 boo#943075 boo#945692 : - Small tweaks compared to rc1 - For sake of completion this release also contains security fixes for boo#910806 CVE-2014-8147, boo#907636 CVE-2014-9093, boo#934423 CVE-2015-4551, boo#910805 CVE-2014-8146, boo#940838 CVE-2015-5214, boo#936190 CVE-2015-5213, boo#936188 CVE-2015-5212, boo#934423 CVE-2015-45513, boo#934423 CVE-2015-4551, boo#910805 CVE-2014-8146, boo#940838 CVE-2015-5214, boo#936190 CVE-2015-5213, boo#936188 CVE-2015-5212, boo#934423 CVE-2015-45513, boo#934423 CVE-2015-4551, boo#910805 CVE-2014-8146, boo#940838 CVE-2015-5214, boo#936190 CVE-2015-5213, boo#936188 CVE-2015-5212, boo#934423 CVE-2015-4551 - Use gcc48 to build on sle11sp4 - Make debuginfo last seen 2020-06-05 modified 2016-02-29 plugin id 89016 published 2016-02-29 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/89016 title openSUSE Security Update : LibreOffice and related libraries (openSUSE-2016-273) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201507-04.NASL description The remote host is affected by the vulnerability described in GLSA-201507-04 (International Components for Unicode: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in International Components for Unicode. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 84603 published 2015-07-08 reporter This script is Copyright (C) 2015 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/84603 title GLSA-201507-04 : International Components for Unicode: Multiple vulnerabilities NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2605-1.NASL description Pedro Ribeiro discovered that ICU incorrectly handled certain memory operations when processing data. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 83345 published 2015-05-12 reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/83345 title Ubuntu 14.04 LTS / 14.10 / 15.04 : icu vulnerabilities (USN-2605-1) NASL family Peer-To-Peer File Sharing NASL id ITUNES_12_3_0_BANNER.NASL description The version of Apple iTunes running on the remote host is prior to 12.3. It is, therefore, affected by multiple vulnerabilities in the WebKit, CoreText, and ICU components, and in the bundled version of the Microsoft Visual Studio C++ Redistributable Package. An attacker can exploit these vulnerabilities to cause a denial of service, execute arbitrary code, or gain access to encrypted SMB credentials. Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 86601 published 2015-10-26 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86601 title Apple iTunes < 12.3 Multiple Vulnerabilities (uncredentialed check) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1401-1.NASL description icu was updated to fix two security issues. These security issues were fixed : - CVE-2014-8147: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) used an integer data type that is inconsistent with a header file, which allowed remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text (bsc#929629). - CVE-2014-8146: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) did not properly track directionally isolated pieces of text, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text (bsc#929629). - CVE-2016-6293: The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) for C/C++ did not ensure that there is a last seen 2020-06-01 modified 2020-06-02 plugin id 110093 published 2018-05-24 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110093 title SUSE SLED12 / SLES12 Security Update : icu (SUSE-SU-2018:1401-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1401-2.NASL description icu was updated to fix two security issues. These security issues were fixed : CVE-2014-8147: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) used an integer data type that is inconsistent with a header file, which allowed remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text (bsc#929629). CVE-2014-8146: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) did not properly track directionally isolated pieces of text, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text (bsc#929629). CVE-2016-6293: The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) for C/C++ did not ensure that there is a last seen 2020-06-01 modified 2020-06-02 plugin id 118258 published 2018-10-22 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118258 title SUSE SLES12 Security Update : icu (SUSE-SU-2018:1401-2)
References
- https://raw.githubusercontent.com/pedrib/PoC/master/generic/i-c-u-fail.txt
- http://www.kb.cert.org/vuls/id/602540
- http://openwall.com/lists/oss-security/2015/05/05/6
- http://bugs.icu-project.org/trac/changeset/37162
- http://seclists.org/fulldisclosure/2015/May/14
- https://support.apple.com/HT205221
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html
- https://support.apple.com/HT205212
- https://support.apple.com/HT205267
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html
- https://support.apple.com/HT205213
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- http://www.securityfocus.com/bid/74457
- https://security.gentoo.org/glsa/201507-04
- http://www.debian.org/security/2015/dsa-3323
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html