ICU4C Undefined Behavior Vulnerability Advisory (S00111-cpp)

Title: UB at icuUtil.cpp Package: icu4C Affected versions: < 23.1.5 Patched versions: 23.1.6 Severity: 8.2 / 10 (High) Summary: ICU4C provides a set of libraries and tools that allow for the internationalization, manipulation, and application of ICC color management profiles published by the International Color Consortium (ICC). This advisory covers an Undefined Behavior (UB) condition (S00111-cpp) triggered by a crafted input profile. Under Undefined Behavior, the system is required to avoid side effects (performed per S00128/00129 - triggered by S00128-cpp where the shiftable value "cannot be represented" in that type). The test report shows some occurrences of S00128-cpp, S00131-cpp, S00139-cpp, and S00141-cpp bugs. It affects the relevant integer-shift logic to avoid undefined behavior when handling malformed profile data. References: Issue: #7211 PR: #7230 Update: Contains commands (npm update, Homebrew, Docker Pull, NixOS Pull) for remediation/update methods. Builds / Releases: CI Latest 23.1.6 (published 2024-03-28) Details: Affected component(s): S00111-cpp (UBSsan reports issues 1233 / 1130 / 1088) Impact: Crafted input may crash the process or cause unpredictable behavior (denial of service). Reproduce from Issue #7211 Specific file paths and code snippets are present, appearing to be test cases or reproduction steps rather than direct exploit code, but constitute key information. Code block content: ``` icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8("icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fromUTF8(icu::UnicodeString::fro

Goal Reached Thanks to every supporter — we hit 100%!

ICU4C Undefined Behavior Vulnerability Advisory (S00111-cpp)

More from this source