CVE-2007-4770
icu - multiple problems
EPSS 3.3%
Description
libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames.
How to fix CVE-2007-4770
To remediate CVE-2007-4770, upgrade the affected package to one of the fixed versions listed below.
- Debian/icu—upgrade to 3.8-6 or later
- Debian/icu—upgrade to 3.6-2etch1 or later
Is CVE-2007-4770 being exploited?
Low — EPSS is 3.3%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/icu: from 0, < 3.8-6
- Debian/icu: from 0, < 3.6-2etch1