CVE-2020-10531

Published: 12 March 2020

An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.

Priority

Medium

CVSS 3 base score: 8.8

Status

Package Release Status
chromium-browser
Launchpad, Ubuntu, Debian 		Upstream
Released (80.0.3987.122)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(code not present)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (80.0.3987.149-0ubuntu0.18.04.1)
Ubuntu 16.04 LTS (Xenial Xerus)
Released (80.0.3987.149-0ubuntu0.16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Ubuntu 12.04 ESM (Precise Pangolin) Does not exist

Patches:
Upstream: https://chromium.googlesource.com/chromium/deps/icu/+/9f4020916eb1f28f3666f018fdcbe6c9a37f0e08
icu
Launchpad, Ubuntu, Debian 		Upstream Needed

Ubuntu 20.04 LTS (Focal Fossa)
Released (66.1-2ubuntu2)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (60.2-3ubuntu3.1)
Ubuntu 16.04 LTS (Xenial Xerus)
Released (55.1-7ubuntu0.5)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (52.1-3ubuntu0.8+esm1)
Ubuntu 12.04 ESM (Precise Pangolin)
Released (4.8.1.1-3ubuntu0.10)
Patches:
Upstream: https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca

Notes

AuthorNote
leosilva According with debian versions bellow 52.1.8 are not affected because code is not present, though, it needs further confirmation. keep precise/trusty as needs-triage.
mdeslaur in xenial and older releases, vulnerable code looks to be in UnicodeString::doReplace, need to investigate
leosilva doAppend was write based on doReplace, that originally shipped the vul code more info, check commit 3d77fc18b8b. Marking precise/trusty as needed.

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

Further reading