CVE-2007-4770
icu - multiple problems
EPSS 3.3%
Description
libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames.
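How to fix CVE-2007-4770
To fix CVE-2007-4770, upgrade the affected packages to the patched versions listed below.
- Debian/icu: upgrade to 3.8-6 or later
- Debian/icu: upgrade to 3.6-2etch1 or later
Is CVE-2007-4770 being exploited?
Low. The EPSS score is 3.3%, and no large-scale exploitation activity has been observed so far.
Affected packages (2)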
- from 0, < 3.8-6
- from 0, < 3.6-2etch1