VDB

CISA-2025-5222

CISA-2025-5222 PUBLISHED CVSS 7 HIGH

Reported by redhat · Published May 27, 2025

A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.

Risk Scores

CVSS 3.1
7
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
0
Red HatRed Hat Enterprise Linux 100:74.2-5.el10_0
Red HatRed Hat Enterprise Linux 90:67.1-10.el9_6
Red HatRed Hat Enterprise Linux 90:67.1-10.el9_6
Red HatRed Hat Enterprise Linux 9.0 Update Services for SAP Solutions0:67.1-10.el9_0
Red HatRed Hat Enterprise Linux 9.2 Update Services for SAP Solutions0:67.1-10.el9_2
Red HatRed Hat Enterprise Linux 9.4 Extended Update Support0:67.1-10.el9_4
Red HatRed Hat Enterprise Linux 6
Red HatRed Hat Enterprise Linux 7
Red HatRed Hat Enterprise Linux 8
Red HatRed Hat Enterprise Linux 8
Red HatRed Hat OpenShift Container Platform 4
Red HatRed Hat Enterprise Linux 100:74.2-5.el10_0, 0:74.2-5.el10_0
Red HatRed Hat Enterprise Linux 9.4 Extended Update Support0:67.1-10.el9_4, 0:67.1-10.el9_4
Red HatRed Hat Enterprise Linux 6
Red HatRed Hat Enterprise Linux 7
Red HatRed Hat Enterprise Linux 9.2 Update Services for SAP Solutions0:67.1-10.el9_2, *
0, 0
Red HatRed Hat Enterprise Linux 90:67.1-10.el9_6, *, 0:67.1-10.el9_6
Red HatRed Hat Enterprise Linux 8

…and 3 more

Timeline

  • May 27, 2025 CVE Published
  • Jan 22, 2026 CVE Updated
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Security Advisory
  • Apr 26, 2026 Security Advisory
  • Apr 26, 2026 Security Advisory
  • Apr 26, 2026 Security Advisory
  • Apr 26, 2026 Security Advisory

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›