A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.
Se detectó un desbordamiento del búfer de pila en componentes internacionales para Unicode (ICU). Al ejecutar el binario genrb, la estructura 'subtag' se desbordó en la función SRBRoot::addTag. Este problema puede provocar corrupción de memoria y la ejecución local de código arbitrario.
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
| Attack Vector | LOCAL |
|---|---|
| Attack Complexity | HIGH |
| Privileges Required | NONE |
| User Interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |
| Source | Type | Description |
|---|---|---|
| [email protected] | Secondary |
en
CWE-120
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| unicode | international_components_for_unicode | * | <built-in method update of dict object at 0x702bdc6a5cc0> | Application |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:unicode:international_components_for_unicode:*:*:*:*:*:*:*:* |