[3.4] icu: Out-of-bounds access in uloc_acceptLanguageFromHTTP (CVE-2016-6293)ID: oval:org.secpod.oval:def:1800150 | Date: (C)2018-03-28 (M)2023-11-10 |
Class: PATCH | Family: unix |
The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode through 57.1 for C/C++ does not ensure that there is a "\0" character at the end of a certain temporary array, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a call with a long argument. And possibly needs some more follow-up fixes, cf. with upstream changes around/later than changeset 39109.
Platform: |
Alpine Linux 3.4 |