CVE-2025-5222
Icu: stack buffer overflow in the srbroot::addtag function
A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Productos afectados
icuRed Hat · Red Hat Enterprise Linux 10Red Hat · Red Hat Enterprise Linux 6Red Hat · Red Hat Enterprise Linux 7Red Hat · Red Hat Enterprise Linux 8Red Hat · Red Hat Enterprise Linux 9Red Hat · Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat · Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat · Red Hat Enterprise Linux 9.4 Extended Update SupportRed Hat · Red Hat OpenShift Container Platform 4¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://access.redhat.com/errata/RHSA-2025:11888https://access.redhat.com/errata/RHSA-2025:12083https://access.redhat.com/errata/RHSA-2025:12331https://access.redhat.com/errata/RHSA-2025:12332https://access.redhat.com/errata/RHSA-2025:12333https://access.redhat.com/security/cve/CVE-2025-5222https://bugzilla.redhat.com/show_bug.cgi?id=2368600https://lists.debian.org/debian-lts-announce/2025/06/msg00015.htmlhttps://unicode-org.atlassian.net/jira/software/c/projects/ICU/issues/ICU-22957