{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-01-21T00:00:00", "descriptions": [{"lang": "en", "value": "The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a look-behind expression."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-04-23T19:08:13", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome"}, "references": [{"name": "62665", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/62665"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://chromium.googlesource.com/chromium/deps/icu52/+/6242e2fbb36f486f2c0addd1c3cef67fc4ed33fb"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html"}, {"name": "62575", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/62575"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://codereview.chromium.org/726973003"}, {"name": "USN-2476-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2476-1"}, {"name": "72288", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/72288"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://code.google.com/p/chromium/issues/detail?id=430353"}, {"name": "GLSA-201502-13", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-201502-13.xml"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"}, {"name": "GLSA-201503-06", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201503-06"}, {"name": "1031623", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1031623"}, {"name": "openSUSE-SU-2015:0441", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://advisories.mageia.org/MGASA-2015-0047.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.icu-project.org/trac/ticket/11370"}, {"name": "RHSA-2015:0093", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0093.html"}, {"name": "62383", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/62383"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://chromium.googlesource.com/chromium/deps/icu52/+/3af4ce5982311035e5f36803d547c0befa576c8c"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@google.com", "ID": "CVE-2014-7923", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a look-behind expression."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "62665", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62665"}, {"name": "https://chromium.googlesource.com/chromium/deps/icu52/+/6242e2fbb36f486f2c0addd1c3cef67fc4ed33fb", "refsource": "CONFIRM", "url": "https://chromium.googlesource.com/chromium/deps/icu52/+/6242e2fbb36f486f2c0addd1c3cef67fc4ed33fb"}, {"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"}, {"name": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html", "refsource": "CONFIRM", "url": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html"}, {"name": "62575", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62575"}, {"name": "https://codereview.chromium.org/726973003", "refsource": "CONFIRM", "url": "https://codereview.chromium.org/726973003"}, {"name": "USN-2476-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2476-1"}, {"name": "72288", "refsource": "BID", "url": "http://www.securityfocus.com/bid/72288"}, {"name": "https://code.google.com/p/chromium/issues/detail?id=430353", "refsource": "CONFIRM", "url": "https://code.google.com/p/chromium/issues/detail?id=430353"}, {"name": "GLSA-201502-13", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201502-13.xml"}, {"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"}, {"name": "GLSA-201503-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201503-06"}, {"name": "1031623", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1031623"}, {"name": "openSUSE-SU-2015:0441", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html"}, {"name": "http://advisories.mageia.org/MGASA-2015-0047.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2015-0047.html"}, {"name": "http://bugs.icu-project.org/trac/ticket/11370", "refsource": "CONFIRM", "url": "http://bugs.icu-project.org/trac/ticket/11370"}, {"name": "RHSA-2015:0093", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0093.html"}, {"name": "62383", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62383"}, {"name": "https://chromium.googlesource.com/chromium/deps/icu52/+/3af4ce5982311035e5f36803d547c0befa576c8c", "refsource": "CONFIRM", "url": "https://chromium.googlesource.com/chromium/deps/icu52/+/3af4ce5982311035e5f36803d547c0befa576c8c"}, {"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:03:27.637Z"}, "title": "CVE Program Container", "references": [{"name": "62665", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/62665"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://chromium.googlesource.com/chromium/deps/icu52/+/6242e2fbb36f486f2c0addd1c3cef67fc4ed33fb"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html"}, {"name": "62575", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/62575"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://codereview.chromium.org/726973003"}, {"name": "USN-2476-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2476-1"}, {"name": "72288", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/72288"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://code.google.com/p/chromium/issues/detail?id=430353"}, {"name": "GLSA-201502-13", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-201502-13.xml"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"}, {"name": "GLSA-201503-06", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201503-06"}, {"name": "1031623", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1031623"}, {"name": "openSUSE-SU-2015:0441", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://advisories.mageia.org/MGASA-2015-0047.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.icu-project.org/trac/ticket/11370"}, {"name": "RHSA-2015:0093", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0093.html"}, {"name": "62383", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/62383"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://chromium.googlesource.com/chromium/deps/icu52/+/3af4ce5982311035e5f36803d547c0befa576c8c"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}]}]}, "cveMetadata": {"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2014-7923", "datePublished": "2015-01-22T22:00:00", "dateReserved": "2014-10-06T00:00:00", "dateUpdated": "2024-08-06T13:03:27.637Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "B8C6E104-EDBC-481E-85B8-D39ED2058D39", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B74C62D-4A6D-4A4F-ADF6-A508322CD447", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.6.z:*:*:*:*:*:*:*", "matchCriteriaId": "04A2B180-08EF-4BE1-B1F2-48782874D6DB", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "6E89B38A-3697-46DD-BB3F-E8D2373588BE", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:icu-project:international_components_for_unicode:*:*:*:*:*:c\\/c\\+\\+:*:*", "matchCriteriaId": "A889134B-A584-4570-97DB-83FD217BC601", "versionEndExcluding": "55.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:communications_messaging_server:7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "6721CCE8-2FD7-46E4-BAFE-6C25C87EBBAF", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_messaging_server:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA1C04F6-ED13-4FB4-BA9B-BBB85D6007F1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "B248CC65-0394-4432-9520-52E99C17EA4A", "versionEndIncluding": "40.0.2214.85", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a look-behind expression."}, {"lang": "es", "value": "El paquete Regular Expressions en International Components for Unicode (ICU) 52 anterior a la versi\u00f3n SVN 292944, como es usada en Google Chrome anterior a la versi\u00f3n 40.0.2214.91, permite a los atacantes remotos generar una Denegaci\u00f3n de Servicio (corrupci\u00f3n de la memoria) o posiblemente tener otros impactos no especificados por medio de vectores relacionados con una expresi\u00f3n look-behind."}], "id": "CVE-2014-7923", "lastModified": "2023-11-07T02:21:54.320", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-01-22T22:59:00.053", "references": [{"source": "chrome-cve-admin@google.com", "url": "http://advisories.mageia.org/MGASA-2015-0047.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://bugs.icu-project.org/trac/ticket/11370"}, {"source": "chrome-cve-admin@google.com", "url": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-0093.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://secunia.com/advisories/62383"}, {"source": "chrome-cve-admin@google.com", "url": "http://secunia.com/advisories/62575"}, {"source": "chrome-cve-admin@google.com", "url": "http://secunia.com/advisories/62665"}, {"source": "chrome-cve-admin@google.com", "url": "http://security.gentoo.org/glsa/glsa-201502-13.xml"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.securityfocus.com/bid/72288"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.securitytracker.com/id/1031623"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.ubuntu.com/usn/USN-2476-1"}, {"source": "chrome-cve-admin@google.com", "url": "https://chromium.googlesource.com/chromium/deps/icu52/+/3af4ce5982311035e5f36803d547c0befa576c8c"}, {"source": "chrome-cve-admin@google.com", "url": "https://chromium.googlesource.com/chromium/deps/icu52/+/6242e2fbb36f486f2c0addd1c3cef67fc4ed33fb"}, {"source": "chrome-cve-admin@google.com", "url": "https://code.google.com/p/chromium/issues/detail?id=430353"}, {"source": "chrome-cve-admin@google.com", "url": "https://codereview.chromium.org/726973003"}, {"source": "chrome-cve-admin@google.com", "url": "https://security.gentoo.org/glsa/201503-06"}, {"source": "chrome-cve-admin@google.com", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-17"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2015:0093", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "chromium-browser-0:40.0.2214.91-1.el6_6", "product_name": "Supplementary for Red Hat Enterprise Linux 6", "release_date": "2015-01-27T00:00:00Z"}], "bugzilla": {"description": "ICU: regexp engine missing look-behind expression range check", "id": "1185202", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185202"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-122", "details": ["The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a look-behind expression."], "name": "CVE-2014-7923", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "impact": "moderate", "package_name": "icu", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "impact": "moderate", "package_name": "icu", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "impact": "moderate", "package_name": "icu", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2015-01-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-7923\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-7923\nhttp://googlechromereleases.blogspot.com/2015/01/stable-update.html"], "statement": "The flaw is caused because the ICU regular expression compiler is unable to properly handle certain malformed patterns. Because of the way in which this flaw manifests itself, it can only be triggered via untrusted content, which is common for components such as web browsers, in this case, the Chromium browser. \nThis flaw has been rated moderate for ICU component in Red Hat products, because either it is very difficult to trigger this flaw, or it is unusual to directly pass untrusted parameters to the ICU library.", "threat_severity": "Important", "upstream_fix": "Chrome 40.0.2214.91"}