CVE-2014-7926

Description

The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a zero-length quantifier.

How to fix CVE-2014-7926

To remediate CVE-2014-7926, upgrade the affected package to a fixed version below.

• Debian/icu—upgrade to 52.1-7.1 or later

Is CVE-2014-7926 being exploited?

Low — EPSS is 2.2%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 52.1-7.1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2014-7926