CVE-2025-5222
Severity CVSS v4.0:
Pending analysis
Type:
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Publication date:
27/05/2025
Last modified:
08/08/2025
Description
A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.
Impact
Base Score 3.x
7.00
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:unicode:international_components_for_unicode:*:*:*:*:*:*:*:* | 78.1 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://access.redhat.com/errata/RHSA-2025:11888
- https://access.redhat.com/errata/RHSA-2025:12083
- https://access.redhat.com/errata/RHSA-2025:12331
- https://access.redhat.com/errata/RHSA-2025:12332
- https://access.redhat.com/errata/RHSA-2025:12333
- https://access.redhat.com/security/cve/CVE-2025-5222
- https://bugzilla.redhat.com/show_bug.cgi?id=2368600
- https://lists.debian.org/debian-lts-announce/2025/06/msg00015.html