ALPINE-CVE-2025-5222

See a problem?
Please try reporting it to the source first.

Source

https://security.alpinelinux.org/vuln/CVE-2025-5222

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2025-5222.json

JSON Data

https://api.test.osv.dev/v1/vulns/ALPINE-CVE-2025-5222

Upstream

CVE-2025-5222

Published

2025-05-27T21:15:23Z

Modified

2025-10-10T19:28:13.500732Z

Severity

7.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.

References

https://security.alpinelinux.org/vuln/CVE-2025-5222

Affected packages

Alpine:v3.19 / icu

Package

Name: icu
Purl: pkg:apk/alpine/icu?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

74.1-r1

Affected versions

4.*

4.1.3-r0

4.2.0.1-r0

4.2.1-r0

4.4-r0

4.4-r1

4.4-r2

4.4.1-r0

4.4.1-r1

4.4.1-r2

4.4.1-r3

4.4.2-r0

4.4.2-r1

4.6-r0

4.6.1-r0

4.8-r0

4.8.1-r0

4.8.1.1-r0

4.8.1.1-r1

49.*

49.1.1-r0

49.1.2-r0

49.1.2-r1

50.*

50.1-r1

50.1.1-r1

50.1.2-r1

51.*

51.1-r0

51.2-r0

51.2-r1

52.*

52.1-r0

53.*

53.1-r0

54.*

54.1-r0

55.*

55.1-r0

55.1-r1

55.1-r2

56.*

56.1-r0

57.*

57.1-r0

57.1-r1

58.*

58.1-r1

58.2-r0

58.2-r1

58.2-r2

59.*

59.1-r0

59.1-r1

60.*

60.2-r0

60.2-r1

60.2-r2

60.2-r3

62.*

62.1-r0

63.*

63.1-r0

64.*

64.2-r0

65.*

65.1-r0

65.1-r1

66.*

66.1-r0

67.*

67.1-r0

67.1-r1

67.1-r2

69.*

69.1-r0

69.1-r1

70.*

70.1-r0

71.*

71.1-r0

71.1-r1

71.1-r2

71.1-r3

71.1-r4

72.*

72.1-r0

72.1-r1

72.1-r2

72.1-r3

73.*

73.1-r0

73.1-r1

73.1-r2

73.2-r0

73.2-r1

73.2-r2

73.2-r3

74.*

74.1-r0

Alpine:v3.20 / icu

Package

Name: icu
Purl: pkg:apk/alpine/icu?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

74.2-r1

Affected versions

4.*

4.1.3-r0

4.2.0.1-r0

4.2.1-r0

4.4-r0

4.4-r1

4.4-r2

4.4.1-r0

4.4.1-r1

4.4.1-r2

4.4.1-r3

4.4.2-r0

4.4.2-r1

4.6-r0

4.6.1-r0

4.8-r0

4.8.1-r0

4.8.1.1-r0

4.8.1.1-r1

49.*

49.1.1-r0

49.1.2-r0

49.1.2-r1

50.*

50.1-r1

50.1.1-r1

50.1.2-r1

51.*

51.1-r0

51.2-r0

51.2-r1

52.*

52.1-r0

53.*

53.1-r0

54.*

54.1-r0

55.*

55.1-r0

55.1-r1

55.1-r2

56.*

56.1-r0

57.*

57.1-r0

57.1-r1

58.*

58.1-r1

58.2-r0

58.2-r1

58.2-r2

59.*

59.1-r0

59.1-r1

60.*

60.2-r0

60.2-r1

60.2-r2

60.2-r3

62.*

62.1-r0

63.*

63.1-r0

64.*

64.2-r0

65.*

65.1-r0

65.1-r1

66.*

66.1-r0

67.*

67.1-r0

67.1-r1

67.1-r2

69.*

69.1-r0

69.1-r1

70.*

70.1-r0

71.*

71.1-r0

71.1-r1

71.1-r2

71.1-r3

71.1-r4

72.*

72.1-r0

72.1-r1

72.1-r2

72.1-r3

73.*

73.1-r0

73.1-r1

73.1-r2

73.2-r0

73.2-r1

73.2-r2

73.2-r3

74.*

74.1-r0

74.2-r0

Alpine:v3.21 / icu

Package

Name: icu
Purl: pkg:apk/alpine/icu?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

74.2-r1

Affected versions

4.*

4.1.3-r0

4.2.0.1-r0

4.2.1-r0

4.4-r0

4.4-r1

4.4-r2

4.4.1-r0

4.4.1-r1

4.4.1-r2

4.4.1-r3

4.4.2-r0

4.4.2-r1

4.6-r0

4.6.1-r0

4.8-r0

4.8.1-r0

4.8.1.1-r0

4.8.1.1-r1

49.*

49.1.1-r0

49.1.2-r0

49.1.2-r1

50.*

50.1-r1

50.1.1-r1

50.1.2-r1

51.*

51.1-r0

51.2-r0

51.2-r1

52.*

52.1-r0

53.*

53.1-r0

54.*

54.1-r0

55.*

55.1-r0

55.1-r1

55.1-r2

56.*

56.1-r0

57.*

57.1-r0

57.1-r1

58.*

58.1-r1

58.2-r0

58.2-r1

58.2-r2

59.*

59.1-r0

59.1-r1

60.*

60.2-r0

60.2-r1

60.2-r2

60.2-r3

62.*

62.1-r0

63.*

63.1-r0

64.*

64.2-r0

65.*

65.1-r0

65.1-r1

66.*

66.1-r0

67.*

67.1-r0

67.1-r1

67.1-r2

69.*

69.1-r0

69.1-r1

70.*

70.1-r0

71.*

71.1-r0

71.1-r1

71.1-r2

71.1-r3

71.1-r4

72.*

72.1-r0

72.1-r1

72.1-r2

72.1-r3

73.*

73.1-r0

73.1-r1

73.1-r2

73.2-r0

73.2-r1

73.2-r2

73.2-r3

74.*

74.1-r0

74.2-r0

Alpine:v3.22 / icu

Package

Name: icu
Purl: pkg:apk/alpine/icu?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

76.1-r1

Affected versions

4.*

4.1.3-r0

4.2.0.1-r0

4.2.1-r0

4.4-r0

4.4-r1

4.4-r2

4.4.1-r0

4.4.1-r1

4.4.1-r2

4.4.1-r3

4.4.2-r0

4.4.2-r1

4.6-r0

4.6.1-r0

4.8-r0

4.8.1-r0

4.8.1.1-r0

4.8.1.1-r1

49.*

49.1.1-r0

49.1.2-r0

49.1.2-r1

50.*

50.1-r1

50.1.1-r1

50.1.2-r1

51.*

51.1-r0

51.2-r0

51.2-r1

52.*

52.1-r0

53.*

53.1-r0

54.*

54.1-r0

55.*

55.1-r0

55.1-r1

55.1-r2

56.*

56.1-r0

57.*

57.1-r0

57.1-r1

58.*

58.1-r1

58.2-r0

58.2-r1

58.2-r2

59.*

59.1-r0

59.1-r1

60.*

60.2-r0

60.2-r1

60.2-r2

60.2-r3

62.*

62.1-r0

63.*

63.1-r0

64.*

64.2-r0

65.*

65.1-r0

65.1-r1

66.*

66.1-r0

67.*

67.1-r0

67.1-r1

67.1-r2

69.*

69.1-r0

69.1-r1

70.*

70.1-r0

71.*

71.1-r0

71.1-r1

71.1-r2

71.1-r3

71.1-r4

72.*

72.1-r0

72.1-r1

72.1-r2

72.1-r3

73.*

73.1-r0

73.1-r1

73.1-r2

73.2-r0

73.2-r1

73.2-r2

73.2-r3

74.*

74.1-r0

74.2-r0

76.*

76.1-r0