CVE-2018-18928

Summary

CVE	CVE-2018-18928
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2018-11-04 20:29:00 UTC
Updated	2019-01-16 19:30:00 UTC
Description	International Components for Unicode (ICU) for C/C++ 63.1 has an integer overflow in number::impl::DecimalQuantity::toScientificString() in i18n/number_decimalquantity.cpp.

Risk And Classification

Problem Types: CWE-190

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Icu-project	International Components For Unicode	63.1	All	All	All
Application	Icu-project	International Components For Unicode	63.1	All	All	All
Application	Icu-project	International Components For Unicode	63.1	All	All	All

References

Reference	Source	Link	Tags
ICU-20246 Fixing another integer overflow in number parsing. · unicode-org/icu@53d8c8f · GitHub	MISC	github.com	Patch, Vendor Advisory
[ICU-20246] Integer overflow in number_decimalquantity.cpp (Take 2) - Unicode Consortium	MISC	unicode-org.atlassian.net	Vendor Advisory
900059 - Integer-overflow in icu_63::number::impl::DecimalQuantity::toScientificString - chromium - Monorail	MISC	bugs.chromium.org	Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

591406 Siemens SIMATIC S7-1500 CPU GNU/Linux subsystem Multiple Vulnerabilities (SSB-439005, ICSA-22-104-13)