VDB
CISA-2025-5222
CISA-2025-5222
PUBLISHED
CVSS 7 HIGH
Reported by redhat · Published May 27, 2025
A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.
Risk Scores
CVSS 3.1
7
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| 0 | ||
| Red Hat | Red Hat Enterprise Linux 10 | 0:74.2-5.el10_0 |
| Red Hat | Red Hat Enterprise Linux 9 | 0:67.1-10.el9_6 |
| Red Hat | Red Hat Enterprise Linux 9 | 0:67.1-10.el9_6 |
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | 0:67.1-10.el9_0 |
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | 0:67.1-10.el9_2 |
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support | 0:67.1-10.el9_4 |
| Red Hat | Red Hat Enterprise Linux 6 | |
| Red Hat | Red Hat Enterprise Linux 7 | |
| Red Hat | Red Hat Enterprise Linux 8 | |
| Red Hat | Red Hat Enterprise Linux 8 | |
| Red Hat | Red Hat OpenShift Container Platform 4 | |
| Red Hat | Red Hat Enterprise Linux 10 | 0:74.2-5.el10_0, 0:74.2-5.el10_0 |
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support | 0:67.1-10.el9_4, 0:67.1-10.el9_4 |
| Red Hat | Red Hat Enterprise Linux 6 | |
| Red Hat | Red Hat Enterprise Linux 7 | |
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | 0:67.1-10.el9_2, * |
| 0, 0 | ||
| Red Hat | Red Hat Enterprise Linux 9 | 0:67.1-10.el9_6, *, 0:67.1-10.el9_6 |
| Red Hat | Red Hat Enterprise Linux 8 |
…and 3 more
Timeline
- May 27, 2025 CVE Published
- Jan 22, 2026 CVE Updated
- Apr 26, 2026 Distribution Patch
- Apr 26, 2026 Distribution Patch
- Apr 26, 2026 Distribution Patch
- Apr 26, 2026 Distribution Patch
- Apr 26, 2026 Distribution Patch
- Apr 26, 2026 Security Advisory
- Apr 26, 2026 Security Advisory
- Apr 26, 2026 Security Advisory
- Apr 26, 2026 Security Advisory
- Apr 26, 2026 Security Advisory
References
- RHSA-2025:11888 vendor-advisoryx_refsource_REDHAT
- RHSA-2025:12083 vendor-advisoryx_refsource_REDHAT
- RHSA-2025:12331 vendor-advisoryx_refsource_REDHAT
- RHSA-2025:12332 vendor-advisoryx_refsource_REDHAT
- RHSA-2025:12333 vendor-advisoryx_refsource_REDHAT
- vdb-entryx_refsource_REDHAT
- RHBZ#2368600 issue-trackingx_refsource_REDHAT
- https://lists.debian.org/debian-lts-announce/2025/06/msg00015.html url