CVE-2020-10531
high-risk
Published 2020-03-12
An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.
Do I need to act?
-
0.79% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10
High
NETWORK
/ LOW complexity
Affected Products (20)
International Components For Unicode
Affected Vendors
References (36)
Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0738
Permissions Required
https://bugs.chromium.org/p/chromium/issues/detail?id=1044570
Third Party Advisory
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_...
Issue Tracking
https://github.com/unicode-org/icu/pull/971
Third Party Advisory
https://security.gentoo.org/glsa/202003-15
Permissions Required
https://unicode-org.atlassian.net/browse/ICU-20958
Third Party Advisory
https://usn.ubuntu.com/4305-1/
Third Party Advisory
https://www.debian.org/security/2020/dsa-4646
Not Applicable
https://www.oracle.com//security-alerts/cpujul2021.html
Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0738
and 16 more references
53
/ 100
high-risk
Severity
30/34 · Critical
Exploitability
3/34 · Minimal
Exposure
20/34 · Moderate