Closed mend-bolt-for-github[bot] closed 5 months ago
:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.
CVE-2017-17484 - Critical Severity Vulnerability
Vulnerable Library - mongor5.1.0-rc0
The MongoDB Database
Library home page: https://github.com/mongodb/mongo.git
Found in HEAD commit: 9c4537f1af3987a4f237e73712977c87c207c818
Found in base branch: main
Vulnerable Source Files (3)
/src/third_party/icu4c-57.1/source/common/ucnv_u8.c
/src/third_party/icu4c-57.1/source/common/ucnv_u8.c
/src/third_party/icu4c-57.1/source/common/ucnv_u8.c
Vulnerability Details
The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC.
Publish Date: 2017-12-10
URL: CVE-2017-17484
CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High

For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2017-17484
Release Date: 2017-12-10
Fix Resolution: release-60-2