Vulnerability details: VCID-4wj8-g3np-aaaq
Vulnerability ID VCID-4wj8-g3np-aaaq
Aliases CVE-2011-4599
Summary Stack-based buffer overflow in the _canonicalize function in common/uloc.c in International Components for Unicode (ICU) before 49.1 allows remote attackers to execute arbitrary code via a crafted locale ID that is not properly handled during variant canonicalization.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Weaknesses (2)
System Score Found at
generic_textual Medium http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
rhas Moderate https://access.redhat.com/errata/RHSA-2011:1815
epss 0.05732 https://api.first.org/data/v1/epss?cve=CVE-2011-4599
epss 0.0609 https://api.first.org/data/v1/epss?cve=CVE-2011-4599
epss 0.13534 https://api.first.org/data/v1/epss?cve=CVE-2011-4599
epss 0.25304 https://api.first.org/data/v1/epss?cve=CVE-2011-4599
epss 0.28996 https://api.first.org/data/v1/epss?cve=CVE-2011-4599
epss 0.31670 https://api.first.org/data/v1/epss?cve=CVE-2011-4599
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=765812
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2011-4599
generic_textual Medium http://support.apple.com/kb/HT5503
Reference id Reference type URL
http://bugs.icu-project.org/trac/ticket/8984
http://code.google.com/p/chromium/issues/detail?id=106441
http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
http://lists.opensuse.org/opensuse-updates/2012-01/msg00035.html
http://rhn.redhat.com/errata/RHSA-2011-1815.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4599.json
https://api.first.org/data/v1/epss?cve=CVE-2011-4599
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4599
http://secunia.com/advisories/47146
http://secunia.com/advisories/47227
http://secunia.com/advisories/47674
http://secunia.com/advisories/47714
http://secunia.com/advisories/47775
https://exchange.xforce.ibmcloud.com/vulnerabilities/71726
http://support.apple.com/kb/HT5501
http://support.apple.com/kb/HT5503
http://ubuntu.com/usn/usn-1348-1
http://www.debian.org/security/2012/dsa-2397
http://www.mandriva.com/security/advisories?name=MDVSA-2011:194
http://www.openwall.com/lists/oss-security/2011/12/09/2
http://www.openwall.com/lists/oss-security/2011/12/09/5
http://www.osvdb.org/77698
http://www.securityfocus.com/bid/51006
654883 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654883
765812 https://bugzilla.redhat.com/show_bug.cgi?id=765812
cpe:2.3:a:icu-project:international_components_for_unicode:*:*:*:*:*:c\/c\+\+:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:icu-project:international_components_for_unicode:*:*:*:*:*:c\/c\+\+:*:*
CVE-2011-4599 https://nvd.nist.gov/vuln/detail/CVE-2011-4599
GLSA-201209-07 https://security.gentoo.org/glsa/201209-07
RHSA-2011:1815 https://access.redhat.com/errata/RHSA-2011:1815
USN-1348-1 https://usn.ubuntu.com/1348-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2011-4599
Access Vector (AV) network
Access Complexity (AC) low
Authentication (Au) none
Confidentiality Impact (C) partial
Integrity Impact (I) partial
Availability Impact (A) partial
Exploit Prediction Scoring System (EPSS)
Percentile 0.89957
EPSS Score 0.05732
Published At May 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.