CVE-2017-15422

Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
ChromeCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
VendorProductVersion
googlechrome
𝑥
< 63.0.3239.84
icu-projectinternational_components_for_unicode
𝑥
< 60.1
debiandebian_linux
8.0
debiandebian_linux
9.0
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
canonicalubuntu_linux
17.10
redhatenterprise_linux_desktop
6.0
redhatenterprise_linux_server
6.0
redhatenterprise_linux_workstation
6.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
icu
bullseye
67.1-7
fixed
wheezy
not-affected
bookworm
72.1-3
fixed
sid
72.1-5
fixed
trixie
72.1-5
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
cosmic
Fixed 63.0.3239.84-0ubuntu1
released
bionic
Fixed 63.0.3239.84-0ubuntu1
released
artful
Fixed 63.0.3239.84-0ubuntu0.17.10.1
released
zesty
Fixed 63.0.3239.84-0ubuntu0.17.04.1
released
xenial
Fixed 63.0.3239.84-0ubuntu0.16.04.1
released
trusty
Fixed 63.0.3239.84-0ubuntu0.14.04.1
released
icu
cosmic
not-affected
bionic
not-affected
artful
Fixed 57.1-6ubuntu0.3
released
zesty
ignored
xenial
Fixed 55.1-7ubuntu0.4
released
trusty
Fixed 52.1-3ubuntu0.8
released
oxide-qt
cosmic
dne
bionic
dne
artful
ignored
zesty
ignored
xenial
ignored
trusty
dne
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2017:3401
https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
https://crbug.com/774382
https://security.gentoo.org/glsa/201801-03
https://usn.ubuntu.com/3610-1/
https://www.debian.org/security/2018/dsa-4150
https://access.redhat.com/errata/RHSA-2017:3401
https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
https://crbug.com/774382
https://security.gentoo.org/glsa/201801-03
https://usn.ubuntu.com/3610-1/
https://www.debian.org/security/2018/dsa-4150