CVE - CVE-2020-10531

CVE-ID
CVE-2020-10531	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
DEBIAN:DSA-4646 URL:https://www.debian.org/security/2020/dsa-4646 FEDORA:FEDORA-2020-39e0b8bd14 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/ FEDORA:FEDORA-2020-43d5a372fc URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/ FEDORA:FEDORA-2020-f6271d7afa URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/ GENTOO:GLSA-202003-15 URL:https://security.gentoo.org/glsa/202003-15 MISC:https://bugs.chromium.org/p/chromium/issues/detail?id=1044570 URL:https://bugs.chromium.org/p/chromium/issues/detail?id=1044570 MISC:https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html URL:https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html MISC:https://chromium.googlesource.com/chromium/deps/icu/+/9f4020916eb1f28f3666f018fdcbe6c9a37f0e08 URL:https://chromium.googlesource.com/chromium/deps/icu/+/9f4020916eb1f28f3666f018fdcbe6c9a37f0e08 MISC:https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca URL:https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca MISC:https://github.com/unicode-org/icu/pull/971 URL:https://github.com/unicode-org/icu/pull/971 MISC:https://unicode-org.atlassian.net/browse/ICU-20958 URL:https://unicode-org.atlassian.net/browse/ICU-20958 MISC:https://www.oracle.com//security-alerts/cpujul2021.html URL:https://www.oracle.com//security-alerts/cpujul2021.html MISC:https://www.oracle.com/security-alerts/cpuapr2022.html URL:https://www.oracle.com/security-alerts/cpuapr2022.html MISC:https://www.oracle.com/security-alerts/cpujan2021.html URL:https://www.oracle.com/security-alerts/cpujan2021.html MLIST:[debian-lts-announce] 20200320 [SECURITY] [DLA 2151-1] icu security update URL:https://lists.debian.org/debian-lts-announce/2020/03/msg00024.html REDHAT:RHSA-2020:0738 URL:https://access.redhat.com/errata/RHSA-2020:0738 SUSE:openSUSE-SU-2020:0459 URL:http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00004.html UBUNTU:USN-4305-1 URL:https://usn.ubuntu.com/4305-1/
Assigning CNA
MITRE Corporation
Date Record Created
20200312	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20200312)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)

Use of the CVE® List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2024, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation.