Skip to main content

Early Access — Mondoo Vulnerability Intelligence is currently in preview.

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

CVE-2020-10531 | Mondoo Vulnerability Intelligence

CVE-2020-10531

HIGH8.8

An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66

Published Mar 12, 2020

Modified 1 years ago

No fix available

Details

An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.

References

ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2020-04/msg00004.html ADVISORYhttps://access.redhat.com/errata/RHSA-2020:0738 WEBhttps://bugs.chromium.org/p/chromium/issues/detail?id=1044570 WEBhttps://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html WEBhttps://chromium.googlesource.com/chromium/deps/icu/+/9f4020916eb1f28f3666f018fdcbe6c9a37f0e08 WEBhttps://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca WEBhttps://github.com/unicode-org/icu/pull/971 WEBhttps://lists.debian.org/debian-lts-announce/2020/03/msg00024.html ADVISORYhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/ADVISORYhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/ADVISORYhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/ADVISORYhttps://security.gentoo.org/glsa/202003-15 WEBhttps://unicode-org.atlassian.net/browse/ICU-20958 ADVISORYhttps://usn.ubuntu.com/4305-1/ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2020-10531 ADVISORYhttps://www.debian.org/security/2020/dsa-4646 WEBhttps://www.oracle.com//security-alerts/cpujul2021.html WEBhttps://www.oracle.com/security-alerts/cpuapr2022.html WEBhttps://www.oracle.com/security-alerts/cpujan2021.html

CVSS Analysis

CVSS v3.1

8.8

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

RequiredUI:R

Scope

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

8.8/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Ecosystems

Timeline

PublishedMar 12, 2020

ModifiedAug 4, 2024