Vulnerability Details : CVE-2018-18928
International Components for Unicode (ICU) for C/C++ 63.1 has an integer overflow in number::impl::DecimalQuantity::toScientificString() in i18n/number_decimalquantity.cpp.
Vulnerability category: Overflow
Products affected by CVE-2018-18928
- cpe:2.3:a:icu-project:international_components_for_unicode:63.1:*:*:*:*:c\/c\+\+:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-18928
EPSS score: 2.78% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~85% (the proportion of vulnerabilities scored at or below this one)
CVSS scores for CVE-2018-18928
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST |
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST |
CWE ids for CVE-2018-18928
- The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-18928
- https://bugs.chromium.org/p/chromium/issues/detail?id=900059
  900059 - Integer-overflow in icu_63::number::impl::DecimalQuantity::toScientificString - chromium - Monorail (Third Party Advisory)
- https://unicode-org.atlassian.net/browse/ICU-20246
  [ICU-20246] Integer overflow in number_decimalquantity.cpp (Take 2) - Unicode Consortium (Vendor Advisory)
- https://github.com/unicode-org/icu/commit/53d8c8f3d181d87a6aa925b449b51c4a2c922a51
  ICU-20246 Fixing another integer overflow in number parsing. · unicode-org/icu@53d8c8f · GitHub (Patch; Vendor Advisory)