CVE-2014-7940
Published: 22 January 2015
The collator implementation in i18n/ucol.cpp in International Components for Unicode (ICU) 52 through SVN revision 293126, as used in Google Chrome before 40.0.2214.91, does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted character sequence.
Notes
| Author | Note |
|---|---|
| mdeslaur | code in icu has changed, so no equivalent commit in icu tree first google patch is buggy, as prevPos is getting set _after_ the getNextNormalizedChar second google patch is buggy as source->endp is being checked without checking the UCOL_ITER_HASLEN flag |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
chromium-browser Launchpad, Ubuntu, Debian |
lucid |
Ignored
(reached end-of-life)
|
| precise |
Ignored
|
|
| trusty |
Does not exist
(trusty was released [40.0.2214.94-0ubuntu0.14.04.1.1068])
|
|
| upstream |
Released
(40.0.2214.91)
|
|
| utopic |
Released
(40.0.2214.94-0ubuntu0.14.10.1.1110)
|
|
| vivid |
Released
(40.0.2214.94-0ubuntu1.1120)
|
|
| wily |
Released
(40.0.2214.94-0ubuntu1.1120)
|
|
|
icu Launchpad, Ubuntu, Debian |
lucid |
Ignored
(reached end-of-life)
|
| precise |
Released
(4.8.1.1-3ubuntu0.3)
|
|
| trusty |
Released
(52.1-3ubuntu0.2)
|
|
| upstream |
Released
(52.1-7.1)
|
|
| utopic |
Released
(52.1-6ubuntu0.2)
|
|
| vivid |
Not vulnerable
(52.1-7.1)
|
|
| wily |
Not vulnerable
(52.1-7.1)
|
|
|
Patches: other: https://chromium.googlesource.com/chromium/deps/icu/+/866ff696e9022a6000afbab516fba62cfa306075 other: https://chromium.googlesource.com/chromium/deps/icu/+/a626a75aad2675254073366fcaa9465dacf17100 other: https://chromium.googlesource.com/chromium/deps/icu/+/a626a75aad2675254073366fcaa9465dacf17100/patches/col.patch |
||
|
oxide-qt Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
(trusty was released [1.4.2-0ubuntu0.14.04.1])
|
|
| upstream |
Released
(1.4.2)
|
|
| utopic |
Released
(1.4.2-0ubuntu0.14.10.1)
|
|
| vivid |
Released
(1.4.2-0ubuntu1)
|
|
| wily |
Released
(1.4.2-0ubuntu1)
|
|
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7940
- https://chromium.googlesource.com/chromium/src.git/+/87feb77547781a22b31c423bc0d57b7dca32d5b8
- https://chromium.googlesource.com/chromium/deps/icu/+/866ff696e9022a6000afbab516fba62cfa306075
- http://googlechromereleases.blogspot.com/2015/01/stable-update.html
- https://ubuntu.com/security/notices/USN-2476-1
- https://ubuntu.com/security/notices/USN-2522-1
- NVD
- Launchpad
- Debian