CVE-2020-10531

CVSS v3.1 8.8 (High)
CVSS v2.0 6.8 (Medium)
EPSS 0.39 % (74th)
Affected Products 11
Advisories 36

An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.

Weaknesses
CWE-190: Integer Overflow or Wraparound
CWE-787: Out-of-bounds Write
CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2020-03-12 19:15:13 (4 years ago)
Updated Date: 2023-11-07 03:14:10 (10 months ago)

Affected Products


Configuration #1

    CPE23 From Up To
  Icu-project International Components for Unicode For C/c++ 66.1 and prior versions cpe:2.3:a:icu-project:international_components_for_unicode::*:*:*:*:c\%2fc\%2b\%2b <= 66.1

Configuration #2

    CPE23 From Up To
  Redhat Enterprise Linux Desktop 6.0 cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
  Redhat Enterprise Linux Server 6.0 cpe:2.3:o:redhat:enterprise_linux_server:6.0
  Redhat Enterprise Linux Workstation 6.0 cpe:2.3:o:redhat:enterprise_linux_workstation:6.0

Configuration #3

    CPE23 From Up To
  Google Chrome prior 80.0.3987.122 version cpe:2.3:a:google:chrome < 80.0.3987.122

Configuration #4

    CPE23 From Up To
  Fedoraproject Fedora 30 cpe:2.3:o:fedoraproject:fedora:30
  Fedoraproject Fedora 31 cpe:2.3:o:fedoraproject:fedora:31
  Fedoraproject Fedora 33 cpe:2.3:o:fedoraproject:fedora:33

Configuration #5

    CPE23 From Up To
  Debian Linux 8.0 cpe:2.3:o:debian:debian_linux:8.0
  Debian Linux 9.0 cpe:2.3:o:debian:debian_linux:9.0
  Debian Linux 10.0 cpe:2.3:o:debian:debian_linux:10.0

Configuration #6

    CPE23 From Up To
  Canonical Ubuntu Linux 12.04 cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-
  Canonical Ubuntu Linux 14.04 cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm
  Canonical Ubuntu Linux 16.04 cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm
  Canonical Ubuntu Linux 18.04 cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts
  Canonical Ubuntu Linux 19.10 cpe:2.3:o:canonical:ubuntu_linux:19.10

Configuration #7

    CPE23 From Up To
  Opensuse Leap 15.1 cpe:2.3:o:opensuse:leap:15.1

Configuration #8

    CPE23 From Up To
  Oracle Banking Extensibility Workbench 14.3.0 cpe:2.3:a:oracle:banking_extensibility_workbench:14.3.0
  Oracle Banking Extensibility Workbench 14.4.0 cpe:2.3:a:oracle:banking_extensibility_workbench:14.4.0

Configuration #9

    CPE23 From Up To
  Nodejs Node.js from 10.0.0 version and 10.12.0 and prior versions cpe:2.3:a:nodejs:node.js::*:*:*:- >= 10.0.0 <= 10.12.0
  Nodejs Node.js from 10.13.0 version and prior 10.21.0 version cpe:2.3:a:nodejs:node.js::*:*:*:lts >= 10.13.0 < 10.21.0