ALPINE-CVE-2025-5222
- Source
- https://security.alpinelinux.org/vuln/CVE-2025-5222
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2025-5222.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/ALPINE-CVE-2025-5222
- Upstream
- Published
- 2025-05-27T21:15:23.030Z
- Modified
- 2026-03-09T01:24:02.480602Z
- Severity
-
- 7.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.
- References
Affected packages
Alpine:v3.19 / icu
Package
- Name
- icu
- Purl
- pkg:apk/alpine/icu?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed74.1-r1
Affected versions
4.*
4.1.3-r0
4.2.0.1-r0
4.2.1-r0
4.4-r0
4.4-r1
4.4-r2
4.4.1-r0
4.4.1-r1
4.4.1-r2
4.4.1-r3
4.4.2-r0
4.4.2-r1
4.6-r0
4.6.1-r0
4.8-r0
4.8.1-r0
4.8.1.1-r0
4.8.1.1-r1
49.*
49.1.1-r0
49.1.2-r0
49.1.2-r1
50.*
50.1-r1
50.1.1-r1
50.1.2-r1
51.*
51.1-r0
51.2-r0
51.2-r1
52.*
52.1-r0
53.*
53.1-r0
54.*
54.1-r0
55.*
55.1-r0
55.1-r1
55.1-r2
56.*
56.1-r0
57.*
57.1-r0
57.1-r1
58.*
58.1-r1
58.2-r0
58.2-r1
58.2-r2
59.*
59.1-r0
59.1-r1
60.*
60.2-r0
60.2-r1
60.2-r2
60.2-r3
62.*
62.1-r0
63.*
63.1-r0
64.*
64.2-r0
65.*
65.1-r0
65.1-r1
66.*
66.1-r0
67.*
67.1-r0
67.1-r1
67.1-r2
69.*
69.1-r0
69.1-r1
70.*
70.1-r0
71.*
71.1-r0
71.1-r1
71.1-r2
71.1-r3
71.1-r4
72.*
72.1-r0
72.1-r1
72.1-r2
72.1-r3
73.*
73.1-r0
73.1-r1
73.1-r2
73.2-r0
73.2-r1
73.2-r2
73.2-r3
74.*
74.1-r0
Alpine:v3.20 / icu
Package
- Name
- icu
- Purl
- pkg:apk/alpine/icu?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed74.2-r1
Affected versions
4.*
4.1.3-r0
4.2.0.1-r0
4.2.1-r0
4.4-r0
4.4-r1
4.4-r2
4.4.1-r0
4.4.1-r1
4.4.1-r2
4.4.1-r3
4.4.2-r0
4.4.2-r1
4.6-r0
4.6.1-r0
4.8-r0
4.8.1-r0
4.8.1.1-r0
4.8.1.1-r1
49.*
49.1.1-r0
49.1.2-r0
49.1.2-r1
50.*
50.1-r1
50.1.1-r1
50.1.2-r1
51.*
51.1-r0
51.2-r0
51.2-r1
52.*
52.1-r0
53.*
53.1-r0
54.*
54.1-r0
55.*
55.1-r0
55.1-r1
55.1-r2
56.*
56.1-r0
57.*
57.1-r0
57.1-r1
58.*
58.1-r1
58.2-r0
58.2-r1
58.2-r2
59.*
59.1-r0
59.1-r1
60.*
60.2-r0
60.2-r1
60.2-r2
60.2-r3
62.*
62.1-r0
63.*
63.1-r0
64.*
64.2-r0
65.*
65.1-r0
65.1-r1
66.*
66.1-r0
67.*
67.1-r0
67.1-r1
67.1-r2
69.*
69.1-r0
69.1-r1
70.*
70.1-r0
71.*
71.1-r0
71.1-r1
71.1-r2
71.1-r3
71.1-r4
72.*
72.1-r0
72.1-r1
72.1-r2
72.1-r3
73.*
73.1-r0
73.1-r1
73.1-r2
73.2-r0
73.2-r1
73.2-r2
73.2-r3
74.*
74.1-r0
74.2-r0
Alpine:v3.21 / icu
Package
- Name
- icu
- Purl
- pkg:apk/alpine/icu?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed74.2-r1
Affected versions
4.*
4.1.3-r0
4.2.0.1-r0
4.2.1-r0
4.4-r0
4.4-r1
4.4-r2
4.4.1-r0
4.4.1-r1
4.4.1-r2
4.4.1-r3
4.4.2-r0
4.4.2-r1
4.6-r0
4.6.1-r0
4.8-r0
4.8.1-r0
4.8.1.1-r0
4.8.1.1-r1
49.*
49.1.1-r0
49.1.2-r0
49.1.2-r1
50.*
50.1-r1
50.1.1-r1
50.1.2-r1
51.*
51.1-r0
51.2-r0
51.2-r1
52.*
52.1-r0
53.*
53.1-r0
54.*
54.1-r0
55.*
55.1-r0
55.1-r1
55.1-r2
56.*
56.1-r0
57.*
57.1-r0
57.1-r1
58.*
58.1-r1
58.2-r0
58.2-r1
58.2-r2
59.*
59.1-r0
59.1-r1
60.*
60.2-r0
60.2-r1
60.2-r2
60.2-r3
62.*
62.1-r0
63.*
63.1-r0
64.*
64.2-r0
65.*
65.1-r0
65.1-r1
66.*
66.1-r0
67.*
67.1-r0
67.1-r1
67.1-r2
69.*
69.1-r0
69.1-r1
70.*
70.1-r0
71.*
71.1-r0
71.1-r1
71.1-r2
71.1-r3
71.1-r4
72.*
72.1-r0
72.1-r1
72.1-r2
72.1-r3
73.*
73.1-r0
73.1-r1
73.1-r2
73.2-r0
73.2-r1
73.2-r2
73.2-r3
74.*
74.1-r0
74.2-r0
Alpine:v3.22 / icu
Package
- Name
- icu
- Purl
- pkg:apk/alpine/icu?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed76.1-r1
Affected versions
4.*
4.1.3-r0
4.2.0.1-r0
4.2.1-r0
4.4-r0
4.4-r1
4.4-r2
4.4.1-r0
4.4.1-r1
4.4.1-r2
4.4.1-r3
4.4.2-r0
4.4.2-r1
4.6-r0
4.6.1-r0
4.8-r0
4.8.1-r0
4.8.1.1-r0
4.8.1.1-r1
49.*
49.1.1-r0
49.1.2-r0
49.1.2-r1
50.*
50.1-r1
50.1.1-r1
50.1.2-r1
51.*
51.1-r0
51.2-r0
51.2-r1
52.*
52.1-r0
53.*
53.1-r0
54.*
54.1-r0
55.*
55.1-r0
55.1-r1
55.1-r2
56.*
56.1-r0
57.*
57.1-r0
57.1-r1
58.*
58.1-r1
58.2-r0
58.2-r1
58.2-r2
59.*
59.1-r0
59.1-r1
60.*
60.2-r0
60.2-r1
60.2-r2
60.2-r3
62.*
62.1-r0
63.*
63.1-r0
64.*
64.2-r0
65.*
65.1-r0
65.1-r1
66.*
66.1-r0
67.*
67.1-r0
67.1-r1
67.1-r2
69.*
69.1-r0
69.1-r1
70.*
70.1-r0
71.*
71.1-r0
71.1-r1
71.1-r2
71.1-r3
71.1-r4
72.*
72.1-r0
72.1-r1
72.1-r2
72.1-r3
73.*
73.1-r0
73.1-r1
73.1-r2
73.2-r0
73.2-r1
73.2-r2
73.2-r3
74.*
74.1-r0
74.2-r0
76.*
76.1-r0
Alpine:v3.23 / icu
Package
- Name
- icu
- Purl
- pkg:apk/alpine/icu?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed76.1-r1
Affected versions
4.*
4.1.3-r0
4.2.0.1-r0
4.2.1-r0
4.4-r0
4.4-r1
4.4-r2
4.4.1-r0
4.4.1-r1
4.4.1-r2
4.4.1-r3
4.4.2-r0
4.4.2-r1
4.6-r0
4.6.1-r0
4.8-r0
4.8.1-r0
4.8.1.1-r0
4.8.1.1-r1
49.*
49.1.1-r0
49.1.2-r0
49.1.2-r1
50.*
50.1-r1
50.1.1-r1
50.1.2-r1
51.*
51.1-r0
51.2-r0
51.2-r1
52.*
52.1-r0
53.*
53.1-r0
54.*
54.1-r0
55.*
55.1-r0
55.1-r1
55.1-r2
56.*
56.1-r0
57.*
57.1-r0
57.1-r1
58.*
58.1-r1
58.2-r0
58.2-r1
58.2-r2
59.*
59.1-r0
59.1-r1
60.*
60.2-r0
60.2-r1
60.2-r2
60.2-r3
62.*
62.1-r0
63.*
63.1-r0
64.*
64.2-r0
65.*
65.1-r0
65.1-r1
66.*
66.1-r0
67.*
67.1-r0
67.1-r1
67.1-r2
69.*
69.1-r0
69.1-r1
70.*
70.1-r0
71.*
71.1-r0
71.1-r1
71.1-r2
71.1-r3
71.1-r4
72.*
72.1-r0
72.1-r1
72.1-r2
72.1-r3
73.*
73.1-r0
73.1-r1
73.1-r2
73.2-r0
73.2-r1
73.2-r2
73.2-r3
74.*
74.1-r0
74.2-r0
76.*
76.1-r0