Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ does not ensure that there is a '\0' character at the end of a certain temporary array, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
International Components for Unicode common/uloc.cpp文件安全漏洞
Vulnerability Description
International Components for Unicode(ICU)是美国IBM公司和其他公司共同开发的一个为C/C++和Java编程语言提供了一整套操作Unicode数据的函数库,也是一个用于支持软件国际化的开源项目。 ICU 57.1及之前的版中的common/uloc.cpp文件中的‘uloc_acceptLanguageFromHTTP’函数存在安全漏洞,该漏洞源于程序没有确认临时数组以‘’字符结尾。远程攻击者可借助较长的httpAcceptLanguage参数调用函数利用该漏洞造成
CVSS Information
N/A
Vulnerability Type
N/A