CVE-2025-5222

Published: May 27, 2025Modified: Apr 23, 2026

7.0

Vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.0 / Impact: 5.9

Source: secalert@redhat.com (Secondary)

Description

A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.

Affected (1)

Products: Unicode: International Components For Unicode

1 product

International Components For Unicode

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Unicode International Components For Unicode	Before 77.1

Related CWEs

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (9)

https://access.redhat.com/errata/RHSA-2025:11888

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/errata/RHSA-2025:12083

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/errata/RHSA-2025:12331

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/errata/RHSA-2025:12332

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/errata/RHSA-2025:12333

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/security/cve/CVE-2025-5222

Source: secalert@redhat.com

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2368600

Source: secalert@redhat.com

Issue Tracking

https://unicode-org.atlassian.net/jira/software/c/projects/ICU/issues/ICU-22957

Source: secalert@redhat.com

https://lists.debian.org/debian-lts-announce/2025/06/msg00015.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

Timeline

No history available yet.