VDB

ALPINE-CVE-2016-6293

ALPINE-CVE-2016-6293 PUBLISHED CVSS 9.800000190734863 CRITICAL

The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ does not ensure that there is a '\0' character at the end of a certain temporary array, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument.

Risk Scores

CVSS v3.0
9.800000190734863
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Alpine:v3.11icu57.1-r0, 49.1.2-r0, 0
Alpine:v3.14icu0, 57.1-r0, 56.1-r0
Alpine:v3.20icu0, 57.1-r0, 56.1-r0
Alpine:v3.9icu50.1.1-r1, 0, 4.1.3-r0
Alpine:v3.13icu4.8-r0, 4.8.1.1-r0, 4.8.1.1-r1
Alpine:v3.8icu4.2.1-r0, 57.1-r0, 56.1-r0
Alpine:v3.10icu4.1.3-r0, 4.2.0.1-r0, 4.4-r1
Alpine:v3.22icu53.1-r0, 57.1-r0, 56.1-r0
Alpine:v3.16icu52.1-r0, 4.1.3-r0, 4.4.1-r3
Alpine:v3.4icu55.1-r2, 50.1-r1, 57.1-r0
Alpine:v3.18icu56.1-r0, 4.1.3-r0, 4.4.1-r3
Alpine:v3.23icu4.8.1-r0, 57.1-r0, 56.1-r0
Alpine:v3.21icu4.4.1-r1, 4.2.1-r0, 0
Alpine:v3.15icu57.1-r0, 0, 4.1.3-r0
Alpine:v3.17icu4.4.2-r1, 4.4-r2, 4.4.2-r0
Alpine:v3.12icu0, 57.1-r0, 56.1-r0
Alpine:v3.6icu4.2.0.1-r0, 4.2.1-r0, 4.4-r0
Alpine:v3.7icu57.1-r0, 56.1-r0, 55.1-r2
Alpine:v3.5icu53.1-r0, 0, 4.1.3-r0
Alpine:v3.19icu4.8.1.1-r1, 50.1.1-r1, 4.2.1-r0

Timeline

  • Jul 25, 2016 CVE Published
  • Dec 3, 2025 CVE Updated
  • Apr 30, 2026 Distribution Patch

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›