CVE-2020-10531
icu - security update
8.8
HIGH
CVSS 3.1
EPSS 0.79%
Description
An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.
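To make the mechanism concrete, the following is an added example (my own illustrative code, not ICU's): a toy string buffer whose length and capacity are `int32_t`, the width ICU uses, with the pre-fix style of length arithmetic beside an overflow-checked version, and a predicate showing when a wrapped length lets the buffer-growth step be skipped so that the subsequent copy runs past the heap allocation. The names `ToyString`, `vulnerableNewLength`, `checkedNewLength`, `vulnerableAppendWritesPastEnd` and `appendChecked` are mine; `__builtin_add_overflow` is a GCC/Clang builtin.

```cpp
#include <cstdint>
#include <cstring>
#include <vector>

// Minimal model of a UnicodeString-style buffer. Length and capacity are
// int32_t, the type ICU uses for string lengths. Illustrative code, not ICU's.
struct ToyString {
    std::vector<char16_t> buf;   // heap storage for UTF-16 code units
    int32_t length = 0;
    int32_t capacity() const { return static_cast<int32_t>(buf.size()); }
};

// Pre-fix style length arithmetic: newLength = oldLength + srcLength with no
// range check. Signed overflow is undefined behaviour in C++, so the wraparound
// is modelled through uint32_t to get the two's-complement result deterministically.
int32_t vulnerableNewLength(int32_t oldLength, int32_t srcLength) {
    return static_cast<int32_t>(static_cast<uint32_t>(oldLength) +
                                static_cast<uint32_t>(srcLength));
}

// Checked arithmetic: the append is refused when the sum does not fit in int32_t.
// __builtin_add_overflow (GCC/Clang) returns true when the addition overflows.
bool checkedNewLength(int32_t oldLength, int32_t srcLength, int32_t* newLength) {
    return !__builtin_add_overflow(oldLength, srcLength, newLength);
}

// Does the unchecked path skip buffer growth even though the copy will not fit?
// This is what turns the integer overflow into a heap-based buffer overflow:
// the growth check compares a wrapped (negative or too small) newLength against
// capacity, concludes the buffer is large enough, then copies srcLength units.
bool vulnerableAppendWritesPastEnd(int32_t oldLength, int32_t capacity, int32_t srcLength) {
    int32_t wrapped = vulnerableNewLength(oldLength, srcLength);
    bool growthSkipped = wrapped <= capacity;
    int64_t trueEnd = static_cast<int64_t>(oldLength) + srcLength;  // exact sum
    return growthSkipped && trueEnd > capacity;
}

// Hardened append over the toy buffer: reject on overflow, otherwise grow, then copy.
bool appendChecked(ToyString& s, const char16_t* src, int32_t srcLength) {
    if (src == nullptr || srcLength <= 0) return true;
    int32_t newLength;
    if (!checkedNewLength(s.length, srcLength, &newLength)) {
        return false;   // refuse the append instead of wrapping the length
    }
    if (newLength > s.capacity()) {
        s.buf.resize(static_cast<size_t>(newLength));
    }
    std::memcpy(s.buf.data() + s.length, src,
                static_cast<size_t>(srcLength) * sizeof(char16_t));
    s.length = newLength;
    return true;
}
```

The toy never allocates the gigabytes of UTF-16 needed to reach the wrap in a real process; the predicate reasons about the lengths instead, which is also how you would audit a similar append routine: look for a length addition that precedes the capacity comparison with no range check in between.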
How to fix CVE-2020-10531
To remediate CVE-2020-10531, upgrade the affected package to a fixed version below.
- Alpine/icu—upgrade to 64.2-r1 or later
- —upgrade to 10.21.0 or later
- —upgrade to 10.21.0 or later
- —upgrade to 63.2-3 or later
- —upgrade to 52.1-8+deb8u8 or later
- —upgrade to 57.1-6+deb9u4 or later
Is CVE-2020-10531 being exploited?
Low. EPSS estimates a 0.79% probability of exploitation in the wild over the next 30 days, which places this CVE in the low range; no widespread exploitation activity is indicated. EPSS is a likelihood estimate, not a record of observed attacks, so it does not rule out targeted use.
Affected packages (6)
- from 0, < 64.2-r1
- >= 10.13.0, < 10.21.0
- >= 10.13.0, < 10.21.0
- from 0, < 63.2-3
- from 0, < 52.1-8+deb8u8
- from 0, < 57.1-6+deb9u4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH (8.8) | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |