CVE-2014-7923

Current Description

The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a look-behind expression.

Referenced by CVEs: CVE-2014-9654

Basic Data

Published: January 22, 2015
Last Modified: April 23, 2019
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-17
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 7.5
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
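    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | OS | Redhat | Enterprise Linux Desktop Supplementary | 6.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Enterprise Linux Server Supplementary | 6.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Enterprise Linux Server Supplementary Eus | 6.6.z | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Enterprise Linux Workstation Supplementary | 6.0 | * | * | * | * | * | * | * | | | | |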
  • OR - Configuration 2
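    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | OS | Opensuse | Opensuse | 13.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Opensuse | Opensuse | 13.2 | * | * | * | * | * | * | * | | | | |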
  • OR - Configuration 3
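    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Icu-project | International Components For Unicode | * | * | * | * | * | c/c++ | * | * | | 55.1 | | |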
  • OR - Configuration 4
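    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Oracle | Communications Messaging Server | 7.0.5 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Oracle | Communications Messaging Server | 8.0 | * | * | * | * | * | * | * | | | | |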
  • OR - Configuration 5
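    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | OS | Canonical | Ubuntu Linux | 14.04 | * | * | * | lts | * | * | * | | | | |
    | 2.3 | OS | Canonical | Ubuntu Linux | 14.10 | * | * | * | * | * | * | * | | | | |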
  • OR - Configuration 6
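    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Google | Chrome | * | * | * | * | * | * | * | * | | 40.0.2214.85 | | |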

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Redhat | Enterprise Linux Desktop Supplementary | 6.0 |
| Redhat | Enterprise Linux Server Supplementary | 6.0 |
| Redhat | Enterprise Linux Workstation Supplementary | 6.0 |
| Redhat | Enterprise Linux Server Supplementary Eus | 6.6.z |
| Canonical | Ubuntu Linux | 14.04, 14.10 |
| Opensuse | Opensuse | 13.1, 13.2 |
| Oracle | Communications Messaging Server | 7.0.5, 8.0 |
| Icu-project | International Components For Unicode | * |
| Google | Chrome | * |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| http://advisories.mageia.org/MGASA-2015-0047.html | CONFIRM | http://advisories.mageia.org/MGASA-2015-0047.html | Third Party Advisory |
| http://bugs.icu-project.org/trac/ticket/11370 | CONFIRM | http://bugs.icu-project.org/trac/ticket/11370 | Vendor Advisory |
| http://googlechromereleases.blogspot.com/2015/01/stable-update.html | CONFIRM | http://googlechromereleases.blogspot.com/2015/01/stable-update.html | Vendor Advisory |
| openSUSE-SU-2015:0441 | SUSE | http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html | Third Party Advisory |
| RHSA-2015:0093 | REDHAT | http://rhn.redhat.com/errata/RHSA-2015-0093.html | Third Party Advisory |
| 62383 | SECUNIA | http://secunia.com/advisories/62383 | Permissions Required |
| 62575 | SECUNIA | http://secunia.com/advisories/62575 | Third Party Advisory |
| 62665 | SECUNIA | http://secunia.com/advisories/62665 | Permissions Required |
| GLSA-201502-13 | GENTOO | http://security.gentoo.org/glsa/glsa-201502-13.xml | Third Party Advisory |
| http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html | CONFIRM | http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html | Third Party Advisory |
| http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM | http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | Third Party Advisory |
| 72288 | BID | http://www.securityfocus.com/bid/72288 | Third Party Advisory, VDB Entry |
| 1031623 | SECTRACK | http://www.securitytracker.com/id/1031623 | Third Party Advisory, VDB Entry |
| USN-2476-1 | UBUNTU | http://www.ubuntu.com/usn/USN-2476-1 | Third Party Advisory |
| https://chromium.googlesource.com/chromium/deps/icu52/+/3af4ce5982311035e5f36803d547c0befa576c8c | CONFIRM | https://chromium.googlesource.com/chromium/deps/icu52/+/3af4ce5982311035e5f36803d547c0befa576c8c | Third Party Advisory |
| https://chromium.googlesource.com/chromium/deps/icu52/+/6242e2fbb36f486f2c0addd1c3cef67fc4ed33fb | CONFIRM | https://chromium.googlesource.com/chromium/deps/icu52/+/6242e2fbb36f486f2c0addd1c3cef67fc4ed33fb | Third Party Advisory |
| https://code.google.com/p/chromium/issues/detail?id=430353 | CONFIRM | https://code.google.com/p/chromium/issues/detail?id=430353 | Vendor Advisory |
| https://codereview.chromium.org/726973003 | CONFIRM | https://codereview.chromium.org/726973003 | Third Party Advisory |
| GLSA-201503-06 | GENTOO | https://security.gentoo.org/glsa/201503-06 | Third Party Advisory |
| https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | MISC | https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | |