CVE-2011-4599
icu - stack-based buffer overflow
EPSS 24.1%
Description
Stack-based buffer overflow in the _canonicalize function in common/uloc.c in International Components for Unicode (ICU) before 49.1 allows remote attackers to execute arbitrary code via a crafted locale ID that is not properly handled during variant canonicalization.
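The bug class behind this advisory is a canonicalizer that copies one component of an attacker-controlled locale ID into a fixed-size stack buffer without checking the length. The following is an added illustration of that pattern and its hardened form; it is not ICU's code, not the `_canonicalize` routine from common/uloc.c, and the locale-ID grammar (lang_REGION_VARIANT[@keywords]), the buffer size `VARIANT_MAX` and the sample inputs are simplifications constructed for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Scratch buffer size used by the toy canonicalizer. An assumed illustrative
 * value; ICU's real buffer sizes are not quoted on this page. */
#define VARIANT_MAX 16

/* Locate the variant of a locale ID in the form lang_REGION_VARIANT[@keys]:
 * everything after the second '_' and before any '@'. Returns its length and
 * sets *start, or returns 0 when there is no variant. Simplified model of
 * the grammar, not ICU's parser. */
static size_t find_variant(const char *locale, const char **start)
{
    const char *at = strchr(locale, '@');
    size_t base_len = at ? (size_t)(at - locale) : strlen(locale);
    int seps = 0;

    for (size_t i = 0; i < base_len; i++) {
        if (locale[i] == '_' && ++seps == 2) {
            *start = locale + i + 1;
            return base_len - (i + 1);
        }
    }
    *start = NULL;
    return 0;
}

/* Unsafe pattern: the variant is copied into a fixed stack buffer and
 * uppercased without checking that it fits. A locale ID whose variant is
 * VARIANT_MAX bytes or longer overruns tmp and smashes the stack frame. */
static int canon_variant_unsafe(const char *locale, char *out, size_t out_len)
{
    char tmp[VARIANT_MAX];
    const char *v;
    size_t n = find_variant(locale, &v);

    if (n == 0) { out[0] = '\0'; return 0; }
    memcpy(tmp, v, n);                       /* no bounds check on n */
    tmp[n] = '\0';
    for (size_t i = 0; i < n; i++)
        tmp[i] = (char)toupper((unsigned char)tmp[i]);
    snprintf(out, out_len, "%s", tmp);
    return 0;
}

/* Hardened form: identical logic, but the copy is refused when the variant
 * cannot fit in tmp or in the caller's buffer. Returns -1 and writes nothing. */
static int canon_variant_safe(const char *locale, char *out, size_t out_len)
{
    char tmp[VARIANT_MAX];
    const char *v;
    size_t n = find_variant(locale, &v);

    if (out_len == 0) return -1;
    if (n == 0) { out[0] = '\0'; return 0; }
    if (n >= sizeof tmp || n >= out_len)
        return -1;                           /* would overrun: reject the ID */
    memcpy(tmp, v, n);
    tmp[n] = '\0';
    for (size_t i = 0; i < n; i++)
        tmp[i] = (char)toupper((unsigned char)tmp[i]);
    memcpy(out, tmp, n + 1);
    return 0;
}

/* Helpers: canonicalize and compare with the expected variant (1 = match). */
static int safe_canon_matches(const char *locale, const char *expected)
{
    char out[64];
    return canon_variant_safe(locale, out, sizeof out) == 0 &&
           strcmp(out, expected) == 0;
}

static int unsafe_canon_matches(const char *locale, const char *expected)
{
    char out[64];
    return canon_variant_unsafe(locale, out, sizeof out) == 0 &&
           strcmp(out, expected) == 0;
}

/* Build a constructed "crafted" locale ID with a 100-byte variant and feed it
 * to the hardened routine; returns its status (-1 = rejected). The unsafe
 * routine is deliberately never called on this input: that call would be
 * the overflow itself. */
static int safe_rejects_long_variant(void)
{
    char crafted[128];
    char out[64];
    strcpy(crafted, "xx_YY_");
    memset(crafted + 6, 'a', 100);
    crafted[106] = '\0';
    return canon_variant_safe(crafted, out, sizeof out);
}

int main(void)
{
    printf("safe, short variant   : %d\n", safe_canon_matches("en_US_posix@collation=phonebook", "POSIX"));
    printf("unsafe, short variant : %d\n", unsafe_canon_matches("de_DE_1996", "1996"));
    printf("safe, 100-byte variant: %d\n", safe_rejects_long_variant());
    return 0;
}
```

The two routines differ only in the single length check before the copy; that is the shape of fix to look for when auditing any string canonicalizer that stages attacker-supplied input in a stack array.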
How to fix CVE-2011-4599
To remediate CVE-2011-4599, upgrade the affected package to the fixed version for the Debian branch you run. The two entries below are two separate packaging branches of icu, so compare versions within the branch: 4.8.1.1-2, for example, is newer than 4.4.1-8 but is still vulnerable.
- Debian/icu (4.8 branch): upgrade to 4.8.1.1-3 or later
- Debian/icu (4.4 branch): upgrade to 4.4.1-8 or later
Is CVE-2011-4599 being exploited?
Moderate. EPSS is 24.1%, the model's estimated probability of exploitation activity in the next 30 days, not a record of confirmed exploitation. Track this CVE, but it is not at the top of the prioritisation list; weigh it against where your stack hands attacker-supplied locale IDs to ICU.
Affected packages (2)
- Debian/icu: all versions from 0 up to, but not including, 4.8.1.1-3
- Debian/icu: all versions from 0 up to, but not including, 4.4.1-8