CVE-2008-1036
icu - cross site scripting
EPSS 2.6%
Description
The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.
How to fix CVE-2008-1036
To remediate CVE-2008-1036, upgrade the affected package to one of the fixed versions listed below.
- Debian/icu: upgrade to 4.0.1-1 or later
- Debian/icu: upgrade to 3.6-2etch2 or later
Is CVE-2008-1036 being exploited?
Low — EPSS is 2.6%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/icu: from 0, < 4.0.1-1
- Debian/icu: from 0, < 3.6-2etch2