The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ does not ensure that there is a '\0' character at the end of a certain temporary array, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument.
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
| Link | Tags |
|---|---|
| http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=aa82e99ed8003c01f1ef4f0940e56b85c5b032d4 | |
| https://bugs.php.net/72533 | issue tracking exploit third party advisory |
| https://security.gentoo.org/glsa/201701-58 | third party advisory vendor advisory |
| http://openwall.com/lists/oss-security/2016/07/24/2 | mailing list |
| http://www.securityfocus.com/bid/92127 | vdb entry third party advisory |
| https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html |