Unrated severityNVD Advisory· Published Mar 12, 2020· Updated Aug 4, 2024

CVE-2020-10531

Description

An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.

Affected products

International Components for Unicode/ICU for C/C++description
osv-coords82 versions
pkg:bitnami/node pkg:bitnami/node-min pkg:rpm/almalinux/icu pkg:rpm/almalinux/libicu pkg:rpm/almalinux/libicu-devel pkg:rpm/almalinux/libicu-doc pkg:rpm/almalinux/nodejs-nodemon pkg:rpm/almalinux/nodejs-packaging pkg:rpm/opensuse/icu73_2&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/icu73_2&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/icu73_2&distro=openSUSE%20Leap%20Micro%205.2 pkg:rpm/opensuse/icu73_2&distro=openSUSE%20Leap%20Micro%205.3 pkg:rpm/opensuse/icu73_2&distro=openSUSE%20Leap%20Micro%205.4 pkg:rpm/opensuse/icu&distro=openSUSE%20Leap%2015.1 pkg:rpm/opensuse/icu&distro=openSUSE%20Tumbleweed pkg:rpm/suse/icu73_2&distro=SUSE%20Enterprise%20Storage%207 pkg:rpm/suse/icu73_2&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/icu73_2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS pkg:rpm/suse/icu73_2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/icu73_2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOS pkg:rpm/suse/icu73_2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS pkg:rpm/suse/icu73_2&distro=SUSE%20Linux%20Enterprise%20Micro%205.1 pkg:rpm/suse/icu73_2&distro=SUSE%20Linux%20Enterprise%20Micro%205.2 pkg:rpm/suse/icu73_2&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 pkg:rpm/suse/icu73_2&distro=SUSE%20Linux%20Enterprise%20Micro%205.4 pkg:rpm/suse/icu73_2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4 pkg:rpm/suse/icu73_2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/icu73_2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS pkg:rpm/suse/icu73_2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS pkg:rpm/suse/icu73_2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/icu73_2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 pkg:rpm/suse/icu73_2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 pkg:rpm/suse/icu73_2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 pkg:rpm/suse/icu73_2&distro=SUSE%20Manager%20Proxy%204.2 pkg:rpm/suse/icu73_2&distro=SUSE%20Manager%20Server%204.2 pkg:rpm/suse/icu&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/icu&distro=SUSE%20Enterprise%20Storage%205 pkg:rpm/suse/icu&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/icu&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/icu&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS pkg:rpm/suse/icu&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS pkg:rpm/suse/icu&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS pkg:rpm/suse/icu&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS pkg:rpm/suse/icu&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS pkg:rpm/suse/icu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1 pkg:rpm/suse/icu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP5 pkg:rpm/suse/icu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP1 pkg:rpm/suse/icu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2 pkg:rpm/suse/icu&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS pkg:rpm/suse/icu&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/icu&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS pkg:rpm/suse/icu&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL pkg:rpm/suse/icu&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS pkg:rpm/suse/icu&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4 pkg:rpm/suse/icu&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/icu&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS pkg:rpm/suse/icu&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/icu&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/icu&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS pkg:rpm/suse/icu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 pkg:rpm/suse/icu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/icu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/icu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/icu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/icu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 pkg:rpm/suse/icu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 pkg:rpm/suse/icu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 pkg:rpm/suse/icu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 pkg:rpm/suse/icu&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4 pkg:rpm/suse/icu&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/icu&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP4 pkg:rpm/suse/icu&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5 pkg:rpm/suse/icu&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/icu&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/icu&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS pkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS pkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012 pkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP1 pkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP2 pkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS pkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015
>= 10.13.0, < 10.21.0+ 81 more
- (no CPE)range: >= 10.13.0, < 10.21.0
- (no CPE)range: >= 10.13.0, < 10.21.0
- (no CPE)range: < 60.3-2.el8_1
- (no CPE)range: < 60.3-2.el8_1
- (no CPE)range: < 60.3-2.el8_1
- (no CPE)range: < 60.3-2.el8_1
- (no CPE)range: < 1.18.3-1.module_el8.3.0+2023+d2377ea3
- (no CPE)range: < 17-3.module_el8.4.0+2224+b07ac28e
- (no CPE)range: < 73.2-150000.1.3.1
- (no CPE)range: < 73.2-150000.1.3.1
- (no CPE)range: < 73.2-150000.1.3.1
- (no CPE)range: < 73.2-150000.1.3.1
- (no CPE)range: < 73.2-150000.1.3.1
- (no CPE)range: < 60.2-lp151.3.11.1
- (no CPE)range: < 73.2-2.1
- (no CPE)range: < 73.2-150000.1.3.1
- (no CPE)range: < 73.2-150000.1.3.1
- (no CPE)range: < 73.2-150000.1.3.1
- (no CPE)range: < 73.2-150000.1.3.1
- (no CPE)range: < 73.2-150000.1.3.1
- (no CPE)range: < 73.2-150000.1.3.1
- (no CPE)range: < 73.2-150000.1.3.1
- (no CPE)range: < 73.2-150000.1.3.1
- (no CPE)range: < 73.2-150000.1.3.1
- (no CPE)range: < 73.2-150000.1.3.1
- (no CPE)range: < 73.2-150000.1.3.1
- (no CPE)range: < 73.2-150000.1.3.1
- (no CPE)range: < 73.2-150000.1.3.1
- (no CPE)range: < 73.2-150000.1.3.1
- (no CPE)range: < 73.2-150000.1.3.1
- (no CPE)range: < 73.2-150000.1.3.1
- (no CPE)range: < 73.2-150000.1.3.1
- (no CPE)range: < 73.2-150000.1.3.1
- (no CPE)range: < 73.2-150000.1.3.1
- (no CPE)range: < 73.2-150000.1.3.1
- (no CPE)range: < 52.1-8.10.1
- (no CPE)range: < 52.1-8.10.1
- (no CPE)range: < 60.2-150000.3.15.4
- (no CPE)range: < 60.2-150000.3.15.4
- (no CPE)range: < 60.2-150000.3.15.4
- (no CPE)range: < 60.2-150000.3.15.4
- (no CPE)range: < 60.2-150000.3.15.4
- (no CPE)range: < 60.2-3.9.1
- (no CPE)range: < 60.2-3.9.1
- (no CPE)range: < 60.2-3.9.1
- (no CPE)range: < 60.2-150000.3.15.4
- (no CPE)range: < 60.2-3.9.1
- (no CPE)range: < 60.2-3.9.1
- (no CPE)range: < 52.1-8.10.1
- (no CPE)range: < 52.1-8.10.1
- (no CPE)range: < 52.1-8.10.1
- (no CPE)range: < 52.1-8.10.1
- (no CPE)range: < 52.1-8.10.1
- (no CPE)range: < 52.1-8.10.1
- (no CPE)range: < 52.1-8.10.1
- (no CPE)range: < 60.2-150000.3.15.4
- (no CPE)range: < 60.2-150000.3.15.4
- (no CPE)range: < 60.2-150000.3.15.4
- (no CPE)range: < 60.2-3.9.1
- (no CPE)range: < 52.1-8.10.1
- (no CPE)range: < 52.1-8.10.1
- (no CPE)range: < 52.1-8.10.1
- (no CPE)range: < 52.1-8.10.1
- (no CPE)range: < 52.1-8.10.1
- (no CPE)range: < 60.2-3.9.1
- (no CPE)range: < 60.2-150000.3.15.4
- (no CPE)range: < 60.2-150000.3.15.4
- (no CPE)range: < 60.2-150000.3.15.4
- (no CPE)range: < 52.1-8.10.1
- (no CPE)range: < 52.1-8.10.1
- (no CPE)range: < 52.1-8.10.1
- (no CPE)range: < 52.1-8.10.1
- (no CPE)range: < 52.1-8.10.1
- (no CPE)range: < 52.1-8.10.1
- (no CPE)range: < 52.1-8.10.1
- (no CPE)range: < 10.21.0-1.21.1
- (no CPE)range: < 10.21.0-1.21.1
- (no CPE)range: < 10.21.0-1.24.1
- (no CPE)range: < 10.21.0-1.21.1
- (no CPE)range: < 10.21.0-1.21.1
- (no CPE)range: < 10.21.0-1.21.1
- (no CPE)range: < 10.21.0-1.21.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.opensuse.org/opensuse-security-announce/2020-04/msg00004.htmlmitrevendor-advisoryx_refsource_SUSE
access.redhat.com/errata/RHSA-2020:0738mitrevendor-advisoryx_refsource_REDHAT
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/mitrevendor-advisoryx_refsource_FEDORA
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/mitrevendor-advisoryx_refsource_FEDORA
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/mitrevendor-advisoryx_refsource_FEDORA
security.gentoo.org/glsa/202003-15mitrevendor-advisoryx_refsource_GENTOO
usn.ubuntu.com/4305-1/mitrevendor-advisoryx_refsource_UBUNTU
www.debian.org/security/2020/dsa-4646mitrevendor-advisoryx_refsource_DEBIAN
bugs.chromium.org/p/chromium/issues/detailmitrex_refsource_MISC
chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.htmlmitrex_refsource_MISC
chromium.googlesource.com/chromium/deps/icu/+/9f4020916eb1f28f3666f018fdcbe6c9a37f0e08mitrex_refsource_MISC
github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afcamitrex_refsource_MISC
github.com/unicode-org/icu/pull/971mitrex_refsource_MISC
lists.debian.org/debian-lts-announce/2020/03/msg00024.htmlmitremailing-listx_refsource_MLIST
unicode-org.atlassian.net/browse/ICU-20958mitrex_refsource_MISC
www.oracle.com//security-alerts/cpujul2021.htmlmitrex_refsource_MISC
www.oracle.com/security-alerts/cpuapr2022.htmlmitrex_refsource_MISC
www.oracle.com/security-alerts/cpujan2021.htmlmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000