Bug 429023 - (CVE-2007-4770) CVE-2007-4770 libicu poor back reference validation
CVE-2007-4770 libicu poor back reference validation
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity high
: ---
: ---
Assigned To: Red Hat Product Security
impact=important,source=vendorsec,rep...
: Reopened, Security
Depends On: 429706 429707 430232 430233
Blocks:
  Show dependency treegraph
 
Reported: 2008-01-16 15:53 EST by Josh Bressers
Modified: 2008-01-29 07:30 EST (History)
3 users (show)

See Also:
Fixed In Version: 3.8-5.fc8
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-01-28 09:03:32 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
An example of icu pattern matching in OOo (7.97 KB, application/vnd.oasis.opendocument.text)
2008-01-17 04:20 EST, Caolan McNamara
no flags Details
Patch agains ICU 3.8 proposed by Andy Heninger (11.87 KB, patch)
2008-01-18 03:06 EST, Tomas Hoger
no flags Details | Diff
backported patch (10.48 KB, patch)
2008-01-22 03:59 EST, Caolan McNamara
no flags Details | Diff

  None (edit)
Description Josh Bressers 2008-01-16 15:53:36 EST
Will Drewry reported a flaw in the way libicu processes certain regular
expressions.  He reports:

    On regular expression compilation, illegal backreferences may refer to the
    non-existent capture group '0'.  When these are builts, they will result
    in corrupt REStackFrames which will be used at a later point.  Crashes may
    result in out of band reads or writes depending on the regular expression
    being executed.
Comment 3 Caolan McNamara 2008-01-17 04:20:08 EST
Created attachment 291973 [details]
An example of icu pattern matching in OOo

I figured out how to get OOo to match patterns with the icu regexp stuff.
Attached is a test-case which just tries to match "I am a pattern"
Comment 5 Tomas Hoger 2008-01-18 03:06:42 EST
Created attachment 292114 [details]
Patch agains ICU 3.8 proposed by Andy Heninger
Comment 8 Caolan McNamara 2008-01-22 03:59:16 EST
Created attachment 292482 [details]
backported patch

I can't commit to RHEL icu without approved bugzilla ids.
Comment 15 Fedora Update System 2008-01-27 02:13:09 EST
icu-3.8-5.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 16 Fedora Update System 2008-01-27 02:21:19 EST
icu-3.6-20.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.