CVE-2020-10531

An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.
References
Link Resource
https://github.com/unicode-org/icu/pull/971 Issue Tracking Patch
https://chromium.googlesource.com/chromium/deps/icu/+/9f4020916eb1f28f3666f018fdcbe6c9a37f0e08 Patch Third Party Advisory
https://unicode-org.atlassian.net/browse/ICU-20958 Permissions Required Third Party Advisory
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html Third Party Advisory
https://bugs.chromium.org/p/chromium/issues/detail?id=1044570 Permissions Required Third Party Advisory
https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca Patch Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0738 Third Party Advisory
https://security.gentoo.org/glsa/202003-15 Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/ Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/03/msg00024.html Mailing List Third Party Advisory
https://www.debian.org/security/2020/dsa-4646 Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/ Mailing List Third Party Advisory
https://usn.ubuntu.com/4305-1/ Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00004.html Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/ Mailing List Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html Patch Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.html Not Applicable Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:icu-project:international_components_for_unicode:*:*:*:*:*:c/c++:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_extensibility_workbench:14.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_extensibility_workbench:14.3.0:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*

Information

Published : 2020-03-12 07:15

Updated : 2022-08-12 06:28


NVD link : CVE-2020-10531

Mitre link : CVE-2020-10531

Products Affected
No products.