CVE-2020-10531

Published: 12 March 2020

An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.

Priority

Medium

CVSS 3 base score: 8.8

Status

Package: chromium-browser (Launchpad, Ubuntu, Debian)

Upstream: Released (80.0.3987.122)
Ubuntu 20.04 LTS (Focal Fossa): Not vulnerable (code not present)
Ubuntu 18.04 LTS (Bionic Beaver): Released (80.0.3987.149-0ubuntu0.18.04.1)
Ubuntu 16.04 LTS (Xenial Xerus): Released (80.0.3987.149-0ubuntu0.16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist
Ubuntu 12.04 ESM (Precise Pangolin): Does not exist

Patches:
Upstream: https://chromium.googlesource.com/chromium/deps/icu/+/9f4020916eb1f28f3666f018fdcbe6c9a37f0e08

Package: icu (Launchpad, Ubuntu, Debian)

Upstream: Needed
Ubuntu 20.04 LTS (Focal Fossa): Released (66.1-2ubuntu2)
Ubuntu 18.04 LTS (Bionic Beaver): Released (60.2-3ubuntu3.1)
Ubuntu 16.04 LTS (Xenial Xerus): Released (55.1-7ubuntu0.5)
Ubuntu 14.04 ESM (Trusty Tahr): Released (52.1-3ubuntu0.8+esm1)
Ubuntu 12.04 ESM (Precise Pangolin): Released (4.8.1.1-3ubuntu0.10)

Patches:
Upstream: https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca

Notes

Author: Note
leosilva: According to Debian, versions below 52.1.8 are not affected because the code is not present, though it needs further confirmation. Keep precise/trusty as needs-triage.
mdeslaur: In xenial and older releases, the vulnerable code looks to be in UnicodeString::doReplace; need to investigate.
leosilva: doAppend was written based on doReplace, which originally shipped the vulnerable code; for more info, check commit 3d77fc18b8b. Marking precise/trusty as needed.
