CVE-2020-10531

An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.

Published: Mar 12, 2020
Updated: Apr 13, 2023
CVE: CVE-2020-10531
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

Affected Software
References

Software	From	Fixed in
icu-project / international_components_for_unicode	-	66.1.x
redhat / enterprise_linux_desktop	6.0	6.0.x
redhat / enterprise_linux_server	6.0	6.0.x
redhat / enterprise_linux_workstation	6.0	6.0.x
google / chrome	-	80.0.3987.122
fedoraproject / fedora	30	30.x
fedoraproject / fedora	31	31.x
fedoraproject / fedora	33	33.x
debian / debian_linux	8.0	8.0.x
debian / debian_linux	9.0	9.0.x
debian / debian_linux	10.0	10.0.x
canonical / ubuntu_linux	18.04	18.04.x
canonical / ubuntu_linux	14.04	14.04.x
canonical / ubuntu_linux	19.10	19.10.x
canonical / ubuntu_linux	16.04	16.04.x
canonical / ubuntu_linux	12.04	12.04.x
opensuse / leap	15.1	15.1.x
oracle / banking_extensibility_workbench	14.4.0	14.4.0.x
oracle / banking_extensibility_workbench	14.3.0	14.3.0.x
nodejs / node.js	10.0.0	10.12.0.x
nodejs / node.js	10.13.0	10.21.0

Vulnerability Database

289,599

CVE-2020-10531