CVE-2025-5222

HIGH(7.0)

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Risk Signal Score18/100 — NIEDRIG

CVSS 7 — Hoch

EPSS-Score

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

Technische Schwere

Beschreibung

A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.

Referenzen

https://access.redhat.com/errata/RHSA-2025:11888
https://access.redhat.com/errata/RHSA-2025:12083
https://access.redhat.com/errata/RHSA-2025:12331
https://access.redhat.com/errata/RHSA-2025:12332
https://access.redhat.com/errata/RHSA-2025:12333
https://access.redhat.com/security/cve/CVE-2025-5222
https://bugzilla.redhat.com/show_bug.cgi?id=2368600
https://unicode-org.atlassian.net/jira/software/c/projects/ICU/issues/ICU-22957
https://lists.debian.org/debian-lts-announce/2025/06/msg00015.html