Search for vulnerabilities
Vulnerability details: VCID-emuw-3ard-aaaf
Vulnerability ID VCID-emuw-3ard-aaaf
Aliases CVE-2014-9654
Summary The Regular Expressions package in International Components for Unicode (ICU) for C/C++ before 2014-12-03, as used in Google Chrome before 40.0.2214.91, calculates certain values without ensuring that they can be represented in a 24-bit field, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted string, a related issue to CVE-2014-7923.
Status Published
Exploitability 0.5
Weighted Severity 8.8
Risk 4.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2015:0093
epss 0.01339 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.01339 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.01339 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.01339 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.01339 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.01339 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.01339 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.01339 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.01339 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.01339 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.01339 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.01339 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.01928 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.01928 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.01928 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.01928 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.02631 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
epss 0.08733 https://api.first.org/data/v1/epss?cve=CVE-2014-9654
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1190129
generic_textual Medium https://code.google.com/p/chromium/issues/detail?id=432209
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1569
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6585
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6591
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7923
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7926
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7940
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2014-9654
cvssv3 9.8 https://nvd.nist.gov/vuln/detail/CVE-2014-9654
cvssv3.1 9.8 https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
generic_textual LOW https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
cvssv3.1 6.1 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
generic_textual MODERATE http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
Reference id Reference type URL
http://bugs.icu-project.org/trac/changeset/36801
http://bugs.icu-project.org/trac/ticket/11371
http://openwall.com/lists/oss-security/2015/02/05/15
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9654.json
https://api.first.org/data/v1/epss?cve=CVE-2014-9654
https://chromium.googlesource.com/chromium/deps/icu/+/dd727641e190d60e4593bcb3a35c7f51eb4925c5
https://code.google.com/p/chromium/issues/detail?id=432209
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1569
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2383
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2384
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2419
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6585
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6591
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7923
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7926
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7940
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9654
https://security.gentoo.org/glsa/201503-06
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://www.securitytracker.com/id/1035410
1190129 https://bugzilla.redhat.com/show_bug.cgi?id=1190129
776719 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776719
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:a:icu-project:international_components_for_unicode:*:*:*:*:*:c\/c\+\+:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:icu-project:international_components_for_unicode:*:*:*:*:*:c\/c\+\+:*:*
CVE-2014-9654 https://nvd.nist.gov/vuln/detail/CVE-2014-9654
RHSA-2015:0093 https://access.redhat.com/errata/RHSA-2015:0093
USN-2522-1 https://usn.ubuntu.com/2522-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2014-9654
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2014-9654
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.86500
EPSS Score 0.01339
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.