CVE-2025-5222

A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.

CVSS

No CVSS.

References

Link	Resource
https://access.redhat.com/errata/RHSA-2025:11888	Vendor Advisory
https://access.redhat.com/errata/RHSA-2025:12083	Vendor Advisory
https://access.redhat.com/errata/RHSA-2025:12331	Vendor Advisory
https://access.redhat.com/errata/RHSA-2025:12332	Vendor Advisory
https://access.redhat.com/errata/RHSA-2025:12333	Vendor Advisory
https://access.redhat.com/security/cve/CVE-2025-5222	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2368600	Issue Tracking
https://lists.debian.org/debian-lts-announce/2025/06/msg00015.html	Mailing List

Configurations

Configuration 1 (hide)

cpe:2.3:a:unicode:international_components_for_unicode:*:*:*:*:*:*:*:*

History

08 Aug 2025, 14:55

Type	Values Removed	Values Added
References	~~() https://lists.debian.org/debian-lts-announce/2025/06/msg00015.html -~~	() https://lists.debian.org/debian-lts-announce/2025/06/msg00015.html - Mailing List
References	~~() https://access.redhat.com/errata/RHSA-2025:12083 -~~	() https://access.redhat.com/errata/RHSA-2025:12083 - Vendor Advisory
References	~~() https://access.redhat.com/errata/RHSA-2025:12332 -~~	() https://access.redhat.com/errata/RHSA-2025:12332 - Vendor Advisory
References	~~() https://access.redhat.com/security/cve/CVE-2025-5222 -~~	() https://access.redhat.com/security/cve/CVE-2025-5222 - Vendor Advisory
References	~~() https://access.redhat.com/errata/RHSA-2025:12331 -~~	() https://access.redhat.com/errata/RHSA-2025:12331 - Vendor Advisory
References	~~() https://access.redhat.com/errata/RHSA-2025:11888 -~~	() https://access.redhat.com/errata/RHSA-2025:11888 - Vendor Advisory
References	~~() https://access.redhat.com/errata/RHSA-2025:12333 -~~	() https://access.redhat.com/errata/RHSA-2025:12333 - Vendor Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2368600 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2368600 - Issue Tracking
First Time		Unicode international Components For Unicode Unicode
CPE		cpe:2.3:a:unicode:international_components_for_unicode::::::::

31 Jul 2025, 05:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:12333 - () https://access.redhat.com/errata/RHSA-2025:12331 - () https://access.redhat.com/errata/RHSA-2025:12332 -

29 Jul 2025, 13:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:12083 -

28 Jul 2025, 13:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:11888 -

15 Jun 2025, 23:15

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2025/06/msg00015.html -

28 May 2025, 15:01

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~7.0~~	v2 : unknown v3 : unknown
CWE	~~CWE-120~~

27 May 2025, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-27 21:15

Updated : 2025-08-08 14:55

NVD link : CVE-2025-5222

Mitre link : CVE-2025-5222

JSON object : View

Products Affected

unicode

international_components_for_unicode

CWE

No CWE.

JSON object

Attach tags to CVE-2025-5222

Attach tags to `CVE-2025-5222`