CVE-2025-5222

Icu: stack buffer overflow in the srbroot::addtag function

CVSS 7 HIGHEPSS 0.3%CWE-120

A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Produtos afetados

icuRed Hat · Red Hat Enterprise Linux 10 Red Hat · Red Hat Enterprise Linux 6 Red Hat · Red Hat Enterprise Linux 7 Red Hat · Red Hat Enterprise Linux 8 Red Hat · Red Hat Enterprise Linux 9 Red Hat · Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Red Hat · Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Red Hat · Red Hat Enterprise Linux 9.4 Extended Update Support Red Hat · Red Hat OpenShift Container Platform 4

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://access.redhat.com/errata/RHSA-2025:11888 https://access.redhat.com/errata/RHSA-2025:12083 https://access.redhat.com/errata/RHSA-2025:12331 https://access.redhat.com/errata/RHSA-2025:12332 https://access.redhat.com/errata/RHSA-2025:12333 https://access.redhat.com/security/cve/CVE-2025-5222 https://bugzilla.redhat.com/show_bug.cgi?id=2368600 https://lists.debian.org/debian-lts-announce/2025/06/msg00015.html https://unicode-org.atlassian.net/jira/software/c/projects/ICU/issues/ICU-22957