CVE-2025-5222

Опубликовано: 27 мая 2025

Источник: nvd

CVSS3: 7

EPSS Низкий

Описание

A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.

Ссылки

https://access.redhat.com/errata/RHSA-2025:11888
Vendor Advisory
https://access.redhat.com/errata/RHSA-2025:12083
Vendor Advisory
https://access.redhat.com/errata/RHSA-2025:12331
Vendor Advisory
https://access.redhat.com/errata/RHSA-2025:12332
Vendor Advisory
https://access.redhat.com/errata/RHSA-2025:12333
Vendor Advisory
https://access.redhat.com/security/cve/CVE-2025-5222
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2368600
Issue Tracking
https://lists.debian.org/debian-lts-announce/2025/06/msg00015.html
Mailing List

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:unicode:international_components_for_unicode:*:*:*:*:*:*:*:*

Версия до 78.1 (исключая)

EPSS

Процентиль: 6%

0.00027

Низкий

7 High

CVSS3

Дефекты

CWE-120

Связанные уязвимости

CVE-2025-5222

CVSS3: 7

ubuntu

5 месяцев назад

CVE-2025-5222

CVSS3: 7

redhat

12 месяцев назад

CVE-2025-5222

CVSS3: 7

msrc

3 месяца назад

Icu: stack buffer overflow in the srbroot::addtag function

CVE-2025-5222

CVSS3: 7

debian

5 месяцев назад

A stack buffer overflow was found in Internationl components for unico ...

SUSE-SU-2025:02216-1

suse-cvrf

4 месяца назад

Security update for icu

EPSS

Процентиль: 6%

0.00027

Низкий

7 High

CVSS3

Дефекты

CWE-120