CVE-2020-10531

An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
Affected Products (NVD)
VendorProductVersion
icu-projectinternational_components_for_unicode
𝑥
≤ 66.1
redhatenterprise_linux_desktop
6.0
redhatenterprise_linux_server
6.0
redhatenterprise_linux_workstation
6.0
googlechrome
𝑥
< 80.0.3987.122
debiandebian_linux
8.0
debiandebian_linux
9.0
debiandebian_linux
10.0
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
canonicalubuntu_linux
18.04
canonicalubuntu_linux
19.10
opensuseleap
15.1
oraclebanking_extensibility_workbench
14.3.0
oraclebanking_extensibility_workbench
14.4.0
nodejsnode.js
10.0.0 ≤
𝑥
≤ 10.12.0
nodejsnode.js
10.13.0 ≤
𝑥
< 10.21.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
icu
bookworm
72.1-3
fixed
bullseye
67.1-7
fixed
sid
72.1-5
fixed
trixie
72.1-5
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
bionic
Fixed 80.0.3987.149-0ubuntu0.18.04.1
released
eoan
not-affected
trusty
dne
xenial
Fixed 80.0.3987.149-0ubuntu0.16.04.1
released
icu
bionic
Fixed 60.2-3ubuntu3.1
released
eoan
Fixed 63.2-2ubuntu0.1
released
trusty
Fixed 52.1-3ubuntu0.8+esm1
released
xenial
Fixed 55.1-7ubuntu0.5
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libicu-devel
suse enterprise desktop 15 SP1
60.2-3.9.1
fixed
suse enterprise sap 15 SP1
60.2-3.9.1
fixed
suse enterprise server 15
60.2-3.9.1
fixed
suse enterprise server 15 SP1
60.2-3.9.1
fixed
libicu-doc
suse enterprise sap 12 SP1
52.1-8.10.1
fixed
suse enterprise sap 12 SP2
52.1-8.10.1
fixed
suse enterprise sap 12 SP3
52.1-8.10.1
fixed
suse enterprise sap 12 SP4
52.1-8.10.1
fixed
suse enterprise sap 12 SP5
52.1-8.10.1
fixed
suse enterprise server 12 SP1
52.1-8.10.1
fixed
suse enterprise server 12 SP2
52.1-8.10.1
fixed
suse enterprise server 12 SP3
52.1-8.10.1
fixed
suse enterprise server 12 SP4
52.1-8.10.1
fixed
suse enterprise server 12 SP5
52.1-8.10.1
fixed
libicu52_1
suse enterprise sap 12 SP1
52.1-8.10.1
fixed
suse enterprise sap 12 SP2
52.1-8.10.1
fixed
suse enterprise sap 12 SP3
52.1-8.10.1
fixed
suse enterprise sap 12 SP4
52.1-8.10.1
fixed
suse enterprise sap 12 SP5
52.1-8.10.1
fixed
suse enterprise server 12 SP1
52.1-8.10.1
fixed
suse enterprise server 12 SP2
52.1-8.10.1
fixed
suse enterprise server 12 SP3
52.1-8.10.1
fixed
suse enterprise server 12 SP4
52.1-8.10.1
fixed
suse enterprise server 12 SP5
52.1-8.10.1
fixed
libicu52_1-32bit
suse enterprise sap 12 SP1
52.1-8.10.1
fixed
suse enterprise sap 12 SP2
52.1-8.10.1
fixed
suse enterprise sap 12 SP3
52.1-8.10.1
fixed
suse enterprise sap 12 SP4
52.1-8.10.1
fixed
suse enterprise sap 12 SP5
52.1-8.10.1
fixed
suse enterprise server 12 SP1
52.1-8.10.1
fixed
suse enterprise server 12 SP2
52.1-8.10.1
fixed
suse enterprise server 12 SP3
52.1-8.10.1
fixed
suse enterprise server 12 SP4
52.1-8.10.1
fixed
suse enterprise server 12 SP5
52.1-8.10.1
fixed
libicu52_1-data
suse enterprise sap 12 SP1
52.1-8.10.1
fixed
suse enterprise sap 12 SP2
52.1-8.10.1
fixed
suse enterprise sap 12 SP3
52.1-8.10.1
fixed
suse enterprise sap 12 SP4
52.1-8.10.1
fixed
suse enterprise sap 12 SP5
52.1-8.10.1
fixed
suse enterprise server 12 SP1
52.1-8.10.1
fixed
suse enterprise server 12 SP2
52.1-8.10.1
fixed
suse enterprise server 12 SP3
52.1-8.10.1
fixed
suse enterprise server 12 SP4
52.1-8.10.1
fixed
suse enterprise server 12 SP5
52.1-8.10.1
fixed
libicu60_2
suse enterprise desktop 15 SP1
60.2-3.9.1
fixed
suse enterprise desktop 15 SP6
60.2-3.9.1
fixed
suse enterprise desktop 15 SP7
60.2-3.9.1
fixed
suse enterprise sap 15 SP1
60.2-3.9.1
fixed
suse enterprise sap 15 SP2
60.2-3.9.1
fixed
suse enterprise sap 15 SP3
60.2-3.9.1
fixed
suse enterprise sap 15 SP4
60.2-3.9.1
fixed
suse enterprise sap 15 SP5
60.2-3.9.1
fixed
suse enterprise sap 15 SP6
60.2-3.9.1
fixed
suse enterprise sap 15 SP7
60.2-3.9.1
fixed
suse enterprise server 15
60.2-3.9.1
fixed
suse enterprise server 15 SP1
60.2-3.9.1
fixed
suse enterprise server 15 SP2
60.2-150000.3.15.4
fixed
suse enterprise server 15 SP3
60.2-150000.3.15.4
fixed
suse enterprise server 15 SP4
60.2-150000.3.15.4
fixed
suse enterprise server 15 SP5
60.2-3.9.1
fixed
suse enterprise server 15 SP6
60.2-3.9.1
fixed
suse enterprise server 15 SP7
60.2-3.9.1
fixed
libicu60_2-bedata
suse enterprise desktop 15 SP1
60.2-3.9.1
fixed
suse enterprise desktop 15 SP6
60.2-3.9.1
fixed
suse enterprise desktop 15 SP7
60.2-3.9.1
fixed
suse enterprise sap 15 SP1
60.2-3.9.1
fixed
suse enterprise sap 15 SP2
60.2-3.9.1
fixed
suse enterprise sap 15 SP3
60.2-3.9.1
fixed
suse enterprise sap 15 SP4
60.2-3.9.1
fixed
suse enterprise sap 15 SP5
60.2-3.9.1
fixed
suse enterprise sap 15 SP6
60.2-3.9.1
fixed
suse enterprise sap 15 SP7
60.2-3.9.1
fixed
suse enterprise server 15
60.2-3.9.1
fixed
suse enterprise server 15 SP1
60.2-3.9.1
fixed
suse enterprise server 15 SP2
60.2-150000.3.15.4
fixed
suse enterprise server 15 SP3
60.2-150000.3.15.4
fixed
suse enterprise server 15 SP4
60.2-150000.3.15.4
fixed
suse enterprise server 15 SP5
60.2-3.9.1
fixed
suse enterprise server 15 SP6
60.2-3.9.1
fixed
suse enterprise server 15 SP7
60.2-3.9.1
fixed
libicu60_2-ledata
suse enterprise desktop 15 SP1
60.2-3.9.1
fixed
suse enterprise desktop 15 SP6
60.2-3.9.1
fixed
suse enterprise desktop 15 SP7
60.2-3.9.1
fixed
suse enterprise sap 15 SP1
60.2-3.9.1
fixed
suse enterprise sap 15 SP2
60.2-3.9.1
fixed
suse enterprise sap 15 SP3
60.2-3.9.1
fixed
suse enterprise sap 15 SP4
60.2-3.9.1
fixed
suse enterprise sap 15 SP5
60.2-3.9.1
fixed
suse enterprise sap 15 SP6
60.2-3.9.1
fixed
suse enterprise sap 15 SP7
60.2-3.9.1
fixed
suse enterprise server 15
60.2-3.9.1
fixed
suse enterprise server 15 SP1
60.2-3.9.1
fixed
suse enterprise server 15 SP2
60.2-150000.3.15.4
fixed
suse enterprise server 15 SP3
60.2-150000.3.15.4
fixed
suse enterprise server 15 SP4
60.2-150000.3.15.4
fixed
suse enterprise server 15 SP5
60.2-3.9.1
fixed
suse enterprise server 15 SP6
60.2-3.9.1
fixed
suse enterprise server 15 SP7
60.2-3.9.1
fixed
libicu73_2
suse enterprise desktop 15 SP4
73.2-150000.1.3.1
fixed
suse enterprise desktop 15 SP5
73.2-150000.1.3.1
fixed
suse enterprise desktop 15 SP6
73.2-150000.1.3.1
fixed
suse enterprise desktop 15 SP7
73.2-150000.1.3.1
fixed
suse enterprise sap 15 SP4
73.2-150000.1.3.1
fixed
suse enterprise sap 15 SP5
73.2-150000.1.3.1
fixed
suse enterprise sap 15 SP6
73.2-150000.1.3.1
fixed
suse enterprise sap 15 SP7
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP1
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP2
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP3
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP4
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP5
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP6
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP7
73.2-150000.1.3.1
fixed
libicu73_2-bedata
suse enterprise desktop 15 SP4
73.2-150000.1.3.1
fixed
suse enterprise desktop 15 SP5
73.2-150000.1.3.1
fixed
suse enterprise desktop 15 SP6
73.2-150000.1.3.1
fixed
suse enterprise desktop 15 SP7
73.2-150000.1.3.1
fixed
suse enterprise sap 15 SP4
73.2-150000.1.3.1
fixed
suse enterprise sap 15 SP5
73.2-150000.1.3.1
fixed
suse enterprise sap 15 SP6
73.2-150000.1.3.1
fixed
suse enterprise sap 15 SP7
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP1
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP2
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP3
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP4
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP5
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP6
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP7
73.2-150000.1.3.1
fixed
libicu73_2-devel
suse enterprise desktop 15 SP4
73.2-150000.1.3.1
fixed
suse enterprise desktop 15 SP5
73.2-150000.1.3.1
fixed
suse enterprise desktop 15 SP6
73.2-150000.1.3.1
fixed
suse enterprise desktop 15 SP7
73.2-150000.1.3.1
fixed
suse enterprise sap 15 SP4
73.2-150000.1.3.1
fixed
suse enterprise sap 15 SP5
73.2-150000.1.3.1
fixed
suse enterprise sap 15 SP6
73.2-150000.1.3.1
fixed
suse enterprise sap 15 SP7
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP1
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP2
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP3
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP4
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP5
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP6
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP7
73.2-150000.1.3.1
fixed
libicu73_2-doc
suse enterprise desktop 15 SP4
73.2-150000.1.3.1
fixed
suse enterprise desktop 15 SP5
73.2-150000.1.3.1
fixed
suse enterprise desktop 15 SP6
73.2-150000.1.3.1
fixed
suse enterprise desktop 15 SP7
73.2-150000.1.3.1
fixed
suse enterprise sap 15 SP4
73.2-150000.1.3.1
fixed
suse enterprise sap 15 SP5
73.2-150000.1.3.1
fixed
suse enterprise sap 15 SP6
73.2-150000.1.3.1
fixed
suse enterprise sap 15 SP7
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP1
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP2
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP3
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP4
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP5
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP6
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP7
73.2-150000.1.3.1
fixed
libicu73_2-ledata
suse enterprise desktop 15 SP4
73.2-150000.1.3.1
fixed
suse enterprise desktop 15 SP5
73.2-150000.1.3.1
fixed
suse enterprise desktop 15 SP6
73.2-150000.1.3.1
fixed
suse enterprise desktop 15 SP7
73.2-150000.1.3.1
fixed
suse enterprise sap 15 SP4
73.2-150000.1.3.1
fixed
suse enterprise sap 15 SP5
73.2-150000.1.3.1
fixed
suse enterprise sap 15 SP6
73.2-150000.1.3.1
fixed
suse enterprise sap 15 SP7
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP1
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP2
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP3
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP4
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP5
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP6
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP7
73.2-150000.1.3.1
fixed
nodejs10
suse enterprise sap 12
10.21.0-1.24.1
fixed
suse enterprise sap 12 SP3
10.21.0-1.24.1
fixed
suse enterprise sap 12 SP4
10.21.0-1.24.1
fixed
suse enterprise sap 12 SP5
10.21.0-1.24.1
fixed
suse enterprise sap 15 SP1
10.21.0-1.21.1
fixed
suse enterprise sap 15 SP2
10.21.0-1.21.1
fixed
suse enterprise server 12
10.21.0-1.24.1
fixed
suse enterprise server 12 SP3
10.21.0-1.24.1
fixed
suse enterprise server 12 SP4
10.21.0-1.24.1
fixed
suse enterprise server 12 SP5
10.21.0-1.24.1
fixed
suse enterprise server 15
10.21.0-1.21.1
fixed
suse enterprise server 15 SP1
10.21.0-1.21.1
fixed
suse enterprise server 15 SP2
10.21.0-1.21.1
fixed
nodejs10-devel
suse enterprise sap 12
10.21.0-1.24.1
fixed
suse enterprise sap 12 SP3
10.21.0-1.24.1
fixed
suse enterprise sap 12 SP4
10.21.0-1.24.1
fixed
suse enterprise sap 12 SP5
10.21.0-1.24.1
fixed
suse enterprise sap 15 SP1
10.21.0-1.21.1
fixed
suse enterprise sap 15 SP2
10.21.0-1.21.1
fixed
suse enterprise server 12
10.21.0-1.24.1
fixed
suse enterprise server 12 SP3
10.21.0-1.24.1
fixed
suse enterprise server 12 SP4
10.21.0-1.24.1
fixed
suse enterprise server 12 SP5
10.21.0-1.24.1
fixed
suse enterprise server 15
10.21.0-1.21.1
fixed
suse enterprise server 15 SP1
10.21.0-1.21.1
fixed
suse enterprise server 15 SP2
10.21.0-1.21.1
fixed
nodejs10-docs
suse enterprise sap 12
10.21.0-1.24.1
fixed
suse enterprise sap 12 SP3
10.21.0-1.24.1
fixed
suse enterprise sap 12 SP4
10.21.0-1.24.1
fixed
suse enterprise sap 12 SP5
10.21.0-1.24.1
fixed
suse enterprise sap 15 SP1
10.21.0-1.21.1
fixed
suse enterprise sap 15 SP2
10.21.0-1.21.1
fixed
suse enterprise server 12
10.21.0-1.24.1
fixed
suse enterprise server 12 SP3
10.21.0-1.24.1
fixed
suse enterprise server 12 SP4
10.21.0-1.24.1
fixed
suse enterprise server 12 SP5
10.21.0-1.24.1
fixed
suse enterprise server 15
10.21.0-1.21.1
fixed
suse enterprise server 15 SP1
10.21.0-1.21.1
fixed
suse enterprise server 15 SP2
10.21.0-1.21.1
fixed
npm10
suse enterprise sap 12
10.21.0-1.24.1
fixed
suse enterprise sap 12 SP3
10.21.0-1.24.1
fixed
suse enterprise sap 12 SP4
10.21.0-1.24.1
fixed
suse enterprise sap 12 SP5
10.21.0-1.24.1
fixed
suse enterprise sap 15 SP1
10.21.0-1.21.1
fixed
suse enterprise sap 15 SP2
10.21.0-1.21.1
fixed
suse enterprise server 12
10.21.0-1.24.1
fixed
suse enterprise server 12 SP3
10.21.0-1.24.1
fixed
suse enterprise server 12 SP4
10.21.0-1.24.1
fixed
suse enterprise server 12 SP5
10.21.0-1.24.1
fixed
suse enterprise server 15
10.21.0-1.21.1
fixed
suse enterprise server 15 SP1
10.21.0-1.21.1
fixed
suse enterprise server 15 SP2
10.21.0-1.21.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
chromium-browser
RHEL 6
0:80.0.3987.122-1.el6_10
fixed
icu
RHEL 6
0:4.2.1-15.el6_10
fixed
RHEL 7
0:50.2-4.el7_7
fixed
RHEL 8
0:60.3-2.el8_1
fixed
RHEL 8.0 E4S
0:60.3-2.el8_0
fixed
RHEL 8.1 E4S
0:60.3-2.el8_1
fixed
RHEL 8.1 EUS
0:60.3-2.el8_1
fixed
libicu
RHEL 6
0:4.2.1-15.el6_10
fixed
RHEL 7
0:50.2-4.el7_7
fixed
RHEL 8
0:60.3-2.el8_1
fixed
RHEL 8.0 E4S
0:60.3-2.el8_0
fixed
RHEL 8.1 E4S
0:60.3-2.el8_1
fixed
RHEL 8.1 EUS
0:60.3-2.el8_1
fixed
libicu-devel
RHEL 6
0:4.2.1-15.el6_10
fixed
RHEL 7
0:50.2-4.el7_7
fixed
RHEL 8
0:60.3-2.el8_1
fixed
RHEL 8.0 E4S
0:60.3-2.el8_0
fixed
RHEL 8.1 E4S
0:60.3-2.el8_1
fixed
RHEL 8.1 EUS
0:60.3-2.el8_1
fixed
libicu-doc
RHEL 6
0:4.2.1-15.el6_10
fixed
RHEL 7
0:50.2-4.el7_7
fixed
RHEL 8
0:60.3-2.el8_1
fixed
RHEL 8.0 E4S
0:60.3-2.el8_0
fixed
RHEL 8.1 E4S
0:60.3-2.el8_1
fixed
RHEL 8.1 EUS
0:60.3-2.el8_1
fixed
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00004.html
https://access.redhat.com/errata/RHSA-2020:0738
https://bugs.chromium.org/p/chromium/issues/detail?id=1044570
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html
https://chromium.googlesource.com/chromium/deps/icu/+/9f4020916eb1f28f3666f018fdcbe6c9a37f0e08
https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca
https://github.com/unicode-org/icu/pull/971
https://lists.debian.org/debian-lts-announce/2020/03/msg00024.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/
https://security.gentoo.org/glsa/202003-15
https://unicode-org.atlassian.net/browse/ICU-20958
https://usn.ubuntu.com/4305-1/
https://www.debian.org/security/2020/dsa-4646
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2021.html
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00004.html
https://access.redhat.com/errata/RHSA-2020:0738
https://bugs.chromium.org/p/chromium/issues/detail?id=1044570
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html
https://chromium.googlesource.com/chromium/deps/icu/+/9f4020916eb1f28f3666f018fdcbe6c9a37f0e08
https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca
https://github.com/unicode-org/icu/pull/971
https://lists.debian.org/debian-lts-announce/2020/03/msg00024.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/
https://security.gentoo.org/glsa/202003-15
https://unicode-org.atlassian.net/browse/ICU-20958
https://usn.ubuntu.com/4305-1/
https://www.debian.org/security/2020/dsa-4646
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2021.html