CVE-2018-18928
CRITICALInternational Components for Unicode (ICU) for C/C++ 63.1 - Integer Overflow in DecimalQuantity::toScientificString()
Title source: llmDescription
International Components for Unicode (ICU) for C/C++ 63.1 has an integer overflow in number::impl::DecimalQuantity::toScientificString() in i18n/number_decimalquantity.cpp.
References (3)
Core 3
Core References
Patch, Vendor Advisory x_refsource_misc
https://github.com/unicode-org/icu/commit/53d8c8f3d181d87a6aa925b449b51c4a2c922a51
Vendor Advisory x_refsource_misc
https://unicode-org.atlassian.net/browse/ICU-20246
Third Party Advisory x_refsource_misc
https://bugs.chromium.org/p/chromium/issues/detail?id=900059
Scores
CVSS v3
9.8
EPSS
0.0292
EPSS Percentile
85.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-190
Status
published
Products (1)
icu-project/international_components_for_unicode
63.1
Published
Nov 04, 2018
Tracked Since
Feb 18, 2026