PT-2020-2137 · International Components For Unicode · Icu

Published: 2020-01-24 · Updated: 2024-12-16 · CVE-2020-10531

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

International Components for Unicode (ICU) for C/C++ versions through 66.1

Description

An issue exists in the UnicodeString::doAppend() function in common/unistr.cpp, related to an integer overflow that leads to a heap-based buffer overflow. This could allow a remote attacker to gain unauthorized access to confidential data, cause a denial of service, or impact data integrity.

Recommendations

For versions through 66.1, consider disabling the UnicodeString::doAppend() function as a temporary workaround until a patch is available. Restrict access to the common/unistr.cpp module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Memory Corruption

Integer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2020:0902
ALSA-2020:1293
ALSA-2020:1317
ALT-PU-2020-1090
ALT-PU-2020-1457
ALT-PU-2020-1521
ALT-PU-2020-1707
ALT-PU-2020-2195
ALT-PU-2020-2441
BDU:2020-02034
BIT-NODE-2020-10531
BIT-NODE-MIN-2020-10531
CESA-2020_0896
CESA-2020_0897
CESA-2020_0902
CESA-2020_1293
CESA-2020_1317
CVE-2020-10531
DLA-2151-1
DSA-4646-1
OPENSUSE-SU-2020:0459-1
OPENSUSE-SU-2020_0459-1
OPENSUSE-SU-2023_3563-1
OPENSUSE-SU-2024:12116-1
OPENSUSE-SU-2024:13127-1
RHSA-2020:0738
RHSA-2020:0896
RHSA-2020:0897
RHSA-2020:0901
RHSA-2020:0902
RHSA-2020:1293
RHSA-2020:1317
RHSA-2020:1343
RHSA-2020:2895
RHSA-2020:3084
RHSA-2020_0738
RHSA-2020_0896
RHSA-2020_0897
RHSA-2020_0902
RHSA-2020_1293
RHSA-2020_1317
RLSA-2020:0902
RLSA-2020:1293
RLSA-2020:1317
SUSE-OU-2024:0647-1
SUSE-SU-2020:0819-1
SUSE-SU-2020:0819-2
SUSE-SU-2020:1180-1
SUSE-SU-2020:1568-1
SUSE-SU-2020:1575-1
SUSE-SU-2020_0819-1
SUSE-SU-2020_0819-2
SUSE-SU-2020_1180-1
SUSE-SU-2020_1568-1
SUSE-SU-2020_1575-1
SUSE-SU-2023:3563-1
SUSE-SU-2023:3563-2
SUSE-SU-2023:3563-3
SUSE-SU-2023_3563-1
SUSE-SU-2023_3563-2
SUSE-SU-2023_3563-3
USN-4305-1

Affected Products

Alt Linux
Almalinux
Centos
Icu
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu