CVE-2025-5222
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-5222
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-5222.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-5222
- Related
- Published
- 2025-05-27T21:15:23Z
- Modified
- 2025-06-05T05:47:36.094793Z
- Summary
- [none]
- Details
-
A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.
- References
Affected packages
Debian:11 / icu
Package
- Name
- icu
- Purl
- pkg:deb/debian/icu?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
67.*
67.1-7
68.*
68.1~rc-1
68.1-1
68.2-1
69.*
69.1-1
69.1-2
70.*
70.1~rc-1
70.1-1
70.1-2
71.*
71.1~rc-1
71.1-1
71.1-2
71.1-3
72.*
72.1~rc-1
72.1-1
72.1-2
72.1-3
72.1-3+loong64
72.1-4
72.1-5
72.1-6
73.*
73.1~rc-1
73.1-1
73.2-1
74.*
74.1~rc-1
74.1~rc-2
74.1-1
74.2-1
75.*
75.1~rc-1
75.1-1
75.1-2
76.*
76.1~rc-1
76.1-1
76.1-2
76.1-3
76.1-4
Debian:12 / icu
Package
- Name
- icu
- Purl
- pkg:deb/debian/icu?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Debian:13 / icu
Package
- Name
- icu
- Purl
- pkg:deb/debian/icu?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed76.1-4