CVE-2014-9912

Published: 4 January 2017

The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not properly restrict calls to the ICU uresbund.cpp component, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a locale_get_display_name call with a long first argument.

Priority: Low

CVSS 3 base score: 9.8

Status

Package: php5 (Launchpad, Ubuntu, Debian)

Release    Status
precise    Released (5.3.10-1ubuntu3.26)
trusty     Released (5.5.9+dfsg-1ubuntu4.21)
upstream   Released (5.6.0,5.5.14,5.4.30,5.3.29)
xenial     Does not exist
yakkety    Does not exist

Package: php7.0 (Launchpad, Ubuntu, Debian)

Release    Status
precise    Does not exist
trusty     Does not exist
upstream   Not vulnerable
xenial     Not vulnerable
yakkety    Not vulnerable