Bug 1524819 (CVE-2017-17484) - CVE-2017-17484 icu: stack-based buffer overflow in ucnv_u8.cpp:ucnv_UTF8FromUTF8 can lead to denial of service
Summary: CVE-2017-17484 icu: stack-based buffer overflow in ucnv_u8.cpp:ucnv_UTF8FromU...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2017-17484
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1524820
Blocks: 1524823
Reported: 2017-12-12 07:50 UTC by Sam Fowler
Modified: 2021-02-17 01:07 UTC (History)

Fixed In Version: icu 60.1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-12-12 13:37:21 UTC
Embargoed:



Description Sam Fowler 2017-12-12 07:50:10 UTC
The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17484
http://www.cvedetails.com/cve/CVE-2017-17484/
https://ssl.icu-project.org/trac/ticket/13490
https://ssl.icu-project.org/trac/attachment/ticket/13490/poc.cpp
https://ssl.icu-project.org/trac/ticket/13510
https://ssl.icu-project.org/trac/changeset/40715
https://ssl.icu-project.org/trac/changeset/40714
https://github.com/znc/znc/issues/1459

Comment 1 Sam Fowler 2017-12-12 07:51:19 UTC
Created icu tracking bugs for this issue:

Affects: fedora-all [bug 1524820]

Comment 2 Stefan Cornelius 2017-12-12 13:29:46 UTC
I think this was introduced by https://ssl.icu-project.org/trac/changeset/40455/trunk/icu4c/source/common/ucnv_u8.cpp

The fixed version passes the testcase, but revision 40455 fails, then https://ssl.icu-project.org/trac/browser/trunk/icu4c/source/common/ucnv_u8.cpp?rev=39745 passes again.

The PoC has shown no symptoms when testing on RHEL.

Comment 3 Stefan Cornelius 2017-12-12 13:29:56 UTC
Statement:

This issue did not affect the versions of icu as shipped with Red Hat Enterprise Linux 5, 6, and 7.

