CVE-2017-15422
- Source
- https://cve.org/CVERecord?id=CVE-2017-15422
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-15422.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2017-15422
- Downstream
- Related
- Published
- 2018-08-28T19:29:11.520Z
- Modified
- 2026-05-18T11:09:18.004487Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
- Database specific
{ "unresolved_ranges": [ { "extracted_events": [ { "last_affected": "14.04" }, { "last_affected": "16.04" }, { "last_affected": "17.10" } ], "cpes": [ "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*" ], "source": "CPE_FIELD", "vendor_product": "canonical:ubuntu_linux" }, { "extracted_events": [ { "last_affected": "8.0" }, { "last_affected": "9.0" } ], "cpes": [ "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" ], "source": "CPE_FIELD", "vendor_product": "debian:debian_linux" }, { "extracted_events": [ { "fixed": "63.0.3239.84" } ], "cpes": [ "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*" ], "source": "CPE_FIELD", "vendor_product": "google:chrome" }, { "extracted_events": [ { "last_affected": "6.0" } ], "cpes": [ "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*" ], "source": "CPE_FIELD", "vendor_product": "redhat:enterprise_linux_desktop" }, { "extracted_events": [ { "last_affected": "6.0" } ], "cpes": [ "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*" ], "source": "CPE_FIELD", "vendor_product": "redhat:enterprise_linux_server" }, { "extracted_events": [ { "last_affected": "6.0" } ], "cpes": [ "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*" ], "source": "CPE_FIELD", "vendor_product": "redhat:enterprise_linux_workstation" } ] }- References
Affected packages
Git / github.com/unicode-org/icu
Affected ranges
- Type
- GIT
- Repo
- https://github.com/unicode-org/icu
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Database specific
{ "extracted_events": [ { "introduced": "0" }, { "fixed": "60.1" } ], "source": "CPE_FIELD", "cpe": "cpe:2.3:a:icu-project:international_components_for_unicode:*:*:*:*:*:c\\/c\\+\\+:*:*" }
Affected versions
Other
last-cvs-commit
milestone-59-0-1
milestone-60-0-1
release-59-rc
release-60-rc
Database specific
vanir_signatures_modified
"2026-05-18T11:09:18Z"
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-15422.json"
vanir_signatures
[
{
"digest": {
"line_hashes": [
"265922437860161806218521412017495571064",
"61370861690590036444881588296541572373",
"21412699680533285001219682540977158554",
"78524948477440916061374536654646355814",
"66071699775431555534478414008159488241",
"314051153806869992058837242297794192105",
"18121896161909391091128965835462286211",
"78524948477440916061374536654646355814"
],
"threshold": 0.9
},
"target": {
"file": "icu4c/source/test/intltest/callimts.cpp"
},
"id": "CVE-2017-15422-44666b9c",
"deprecated": false,
"signature_type": "Line",
"source": "https://github.com/unicode-org/icu/commit/89bae57bd0570109ca997e8b6b887f851b9c26e0",
"signature_version": "v1"
},
{
"digest": {
"length": 5436.0,
"function_hash": "195989465204932975762316039963888273501"
},
"target": {
"file": "icu4c/source/test/intltest/callimts.cpp",
"function": "CalendarLimitTest::doLimitsTest"
},
"id": "CVE-2017-15422-a0eae682",
"deprecated": false,
"signature_type": "Function",
"source": "https://github.com/unicode-org/icu/commit/89bae57bd0570109ca997e8b6b887f851b9c26e0",
"signature_version": "v1"
}
]