CVE-2016-6293
Summary
| CVE | CVE-2016-6293 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2016-07-25 14:59:00 UTC |
|---|
| Updated | 2023-11-07 02:33:00 UTC |
|---|
| Description | The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ does not ensure that there is a '\0' character at the end of a certain temporary array, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| PHP :: Sec Bug #72533 :: locale_accept_from_http out-of-bounds access |
MISC |
bugs.php.net |
Exploit, Issue Tracking, Third Party Advisory |
| ICU: Multiple vulnerabilities (GLSA 201701-58) — Gentoo Security |
GENTOO |
security.gentoo.org |
Third Party Advisory |
| 72.52.91.13 Git - php-src.git/commit |
MISC |
git.php.net |
Issue Tracking, Patch |
| ICU CVE-2016-6293 Out of Bounds Read Denial of Service Vulnerability |
BID |
www.securityfocus.com |
Third Party Advisory, VDB Entry |
| 72.52.91.13 Git - php-src.git/commit |
|
git.php.net |
|
| oss-security - Re: Fwd: CVE for PHP 5.5.38 issues |
MLIST |
openwall.com |
Mailing List |
| Oracle Critical Patch Update Advisory - April 2019 |
MISC |
www.oracle.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 500255 Alpine Linux Security Update for icu
- 504005 Alpine Linux Security Update for icu
- 710529 Gentoo Linux ICU Multiple Vulnerabilities (GLSA 201701-58)
