Red Hat Bugzilla – Bug 429023
CVE-2007-4770 libicu poor back reference validation
Last modified: 2008-01-29 07:30:51 EST
Will Drewry reported a flaw in the way libicu processes certain regular
expressions. He reports:
On regular expression compilation, illegal backreferences may refer to the
non-existent capture group '0'. When these are builts, they will result
in corrupt REStackFrames which will be used at a later point. Crashes may
result in out of band reads or writes depending on the regular expression
Created attachment 291973 [details]
An example of icu pattern matching in OOo
I figured out how to get OOo to match patterns with the icu regexp stuff.
Attached is a test-case which just tries to match "I am a pattern"
Created attachment 292114 [details]
Patch agains ICU 3.8 proposed by Andy Heninger
Created attachment 292482 [details]
I can't commit to RHEL icu without approved bugzilla ids.
This is now public:
icu-3.8-5.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
icu-3.6-20.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in:
Red Hat Enterprise Linux: