It was found that a big locale string causes a stack-based overflow inside libicu. PHP bug: https://bugs.php.net/bug.php?id=73007 CVE assignment: http://seclists.org/oss-sec/2016/q3/518
Created mingw-icu tracking bugs for this issue: Affects: fedora-all [bug 1377363] Affects: epel-7 [bug 1377364]
Created icu tracking bugs for this issue: Affects: fedora-all [bug 1377362]
If there is an upstream icu bug, it is still private. I have attempted to repro on rhel-7.2 based on variants of the PHP function, but no success so far. PHP upstream crash report shows a stack overflow in Locale::Locale(char*). RHEL builds icu with -fstack-protector, which prevents traditional code execution vectors through stack smashing. I don't see any dangerous adjacent stack contents in that constructor, so the impact here is limited to a crash.
Upstream bug (ICU) (private as at 2016-11-04): http://bugs.icu-project.org/trac/ticket/12745