Bugzilla – Bug 1166844
VUL-0: CVE-2020-10531: icu: ICU: Integer overflow in UnicodeString:doAppend()
Last modified: 2024-07-19 12:47:00 UTC
rh#1807349 Integer overflow in ICU References: https://bugzilla.redhat.com/show_bug.cgi?id=1807349 https://bugs.chromium.org/p/chromium/issues/detail?id=1044570 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10531 https://access.redhat.com/errata/RHSA-2020:0738 http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-10531.html https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca https://github.com/unicode-org/icu/pull/971 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10531 https://unicode-org.atlassian.net/browse/ICU-20958 https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html https://chromium.googlesource.com/chromium/deps/icu/+/9f4020916eb1f28f3666f018fdcbe6c9a37f0e08
SLE15-Update: affected source/common/unistr.cpp: UnicodeString::doAppend() seems to contain the integer overflow SLE12-Update and older: don't have doAppend()
Patch: https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca
SLE10-SP3-Update: different (much older) implementation (icu-3.4), but probably similar bug: source/common/unicode/unistr.h: UnicodeString::append() just uses UnicodeString::doReplace() therefore not directly affected, but source/common/unistr.cpp: UnicodeString::doReplace() seems to be affected by a similar integer overflow * SLE11-Update: SLE11-SP1-Update: SLE12-Update: same issue as in SLE10-SP3-Update
In SLE15-Update UnicodeString::doReplace() has some overflow check, so this second issue probably does not apply to SLE15. However, this check is missing in older versions, which could mean that the integer overflow in doReplace() is indeed a problem in SLE10-SLE12.
Summary: All code streams seem to be affected by the integer overflow. * SLE15: source/common/unistr.cpp: UnicodeString::doAppend() * SLE12, SLE11-SP1, SLE11, SLE10-SP3: source/common/unistr.cpp: UnicodeString::doReplace()
Description: An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.
SUSE-SU-2020:0819-1: An update that fixes one vulnerability is now available. Category: security (important) Bug References: 1166844 CVE References: CVE-2020-10531 Sources used: SUSE Linux Enterprise Server for SAP 15 (src): icu-60.2-3.9.1 SUSE Linux Enterprise Server 15-LTSS (src): icu-60.2-3.9.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): icu-60.2-3.9.1 SUSE Linux Enterprise Module for Basesystem 15-SP1 (src): icu-60.2-3.9.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): icu-60.2-3.9.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): icu-60.2-3.9.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2020:0459-1: An update that fixes one vulnerability is now available. Category: security (important) Bug References: 1166844 CVE References: CVE-2020-10531 Sources used: openSUSE Leap 15.1 (src): icu-60.2-lp151.3.11.1
SUSE-SU-2020:1180-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 1166844 CVE References: CVE-2020-10531 Sources used: SUSE OpenStack Cloud Crowbar 8 (src): icu-52.1-8.10.1 SUSE OpenStack Cloud 8 (src): icu-52.1-8.10.1 SUSE OpenStack Cloud 7 (src): icu-52.1-8.10.1 SUSE Linux Enterprise Workstation Extension 12-SP5 (src): icu-52.1-8.10.1 SUSE Linux Enterprise Workstation Extension 12-SP4 (src): icu-52.1-8.10.1 SUSE Linux Enterprise Software Development Kit 12-SP5 (src): icu-52.1-8.10.1 SUSE Linux Enterprise Software Development Kit 12-SP4 (src): icu-52.1-8.10.1 SUSE Linux Enterprise Server for SAP 12-SP3 (src): icu-52.1-8.10.1 SUSE Linux Enterprise Server for SAP 12-SP2 (src): icu-52.1-8.10.1 SUSE Linux Enterprise Server for SAP 12-SP1 (src): icu-52.1-8.10.1 SUSE Linux Enterprise Server 12-SP5 (src): icu-52.1-8.10.1 SUSE Linux Enterprise Server 12-SP4 (src): icu-52.1-8.10.1 SUSE Linux Enterprise Server 12-SP3-LTSS (src): icu-52.1-8.10.1 SUSE Linux Enterprise Server 12-SP3-BCL (src): icu-52.1-8.10.1 SUSE Linux Enterprise Server 12-SP2-LTSS (src): icu-52.1-8.10.1 SUSE Linux Enterprise Server 12-SP2-BCL (src): icu-52.1-8.10.1 SUSE Linux Enterprise Server 12-SP1-LTSS (src): icu-52.1-8.10.1 SUSE Enterprise Storage 5 (src): icu-52.1-8.10.1 HPE Helion Openstack 8 (src): icu-52.1-8.10.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
also referenced in nodejs security release. https://groups.google.com/forum/?utm_medium=email&utm_source=footer#!msg/nodejs-sec/UMBIO87oLbM/QpGMqNAGBwAJ
This is an autogenerated message for OBS integration: This bug (1166844) was mentioned in https://build.opensuse.org/request/show/811807 Factory / nodejs10
SUSE-SU-2020:1568-1: An update that solves four vulnerabilities and has one errata is now available. Category: security (critical) Bug References: 1162117,1166844,1166916,1172442,1172443 CVE References: CVE-2020-10531,CVE-2020-11080,CVE-2020-7598,CVE-2020-8174 Sources used: SUSE Linux Enterprise Server for SAP 15 (src): nodejs10-10.21.0-1.21.1 SUSE Linux Enterprise Server 15-LTSS (src): nodejs10-10.21.0-1.21.1 SUSE Linux Enterprise Module for Web Scripting 15-SP2 (src): nodejs10-10.21.0-1.21.1 SUSE Linux Enterprise Module for Web Scripting 15-SP1 (src): nodejs10-10.21.0-1.21.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): nodejs10-10.21.0-1.21.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): nodejs10-10.21.0-1.21.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2020:1575-1: An update that fixes four vulnerabilities is now available. Category: security (critical) Bug References: 1166844,1166916,1172442,1172443 CVE References: CVE-2020-10531,CVE-2020-11080,CVE-2020-7598,CVE-2020-8174 Sources used: SUSE Linux Enterprise Module for Web Scripting 12 (src): nodejs10-10.21.0-1.24.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
This is an autogenerated message for OBS integration: This bug (1166844) was mentioned in https://build.opensuse.org/request/show/812980 Factory / nodejs10
SUSE-SU-2020:0819-2: An update that fixes one vulnerability is now available. Category: security (important) Bug References: 1166844 CVE References: CVE-2020-10531 Sources used: SUSE Linux Enterprise Module for Server Applications 15-SP2 (src): icu-60.2-3.9.1 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (src): icu-60.2-3.9.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Seems to be missing for: - SUSE:SLE-15-SP2:Update/icu
SUSE-SU-2023:3563-1: An update that solves two vulnerabilities, contains two features and has 16 security fixes can now be installed. Category: security (moderate) Bug References: 1030253, 1095425, 1103893, 1112183, 1146907, 1158955, 1159131, 1161007, 1162882, 1166844, 1167603, 1182252, 1182645, 1192935, 1193951, 354372, 437293, 824262 CVE References: CVE-2020-10531, CVE-2020-21913 Jira References: PED-4917, SLE-11118 Sources used: SUSE Manager Retail Branch Server 4.2 (src): icu73_2-73.2-150000.1.3.1 SUSE Manager Server 4.2 (src): icu73_2-73.2-150000.1.3.1 SUSE Linux Enterprise Micro 5.1 (src): icu73_2-73.2-150000.1.3.1 SUSE Linux Enterprise Micro 5.2 (src): icu73_2-73.2-150000.1.3.1 SUSE Linux Enterprise Micro for Rancher 5.2 (src): icu73_2-73.2-150000.1.3.1 openSUSE Leap 15.4 (src): icu73_2-73.2-150000.1.3.1 openSUSE Leap 15.5 (src): icu73_2-73.2-150000.1.3.1 SUSE Linux Enterprise Micro for Rancher 5.3 (src): icu73_2-73.2-150000.1.3.1 SUSE Linux Enterprise Micro 5.3 (src): icu73_2-73.2-150000.1.3.1 SUSE Linux Enterprise Micro for Rancher 5.4 (src): icu73_2-73.2-150000.1.3.1 SUSE Linux Enterprise Micro 5.4 (src): icu73_2-73.2-150000.1.3.1 Basesystem Module 15-SP4 (src): icu73_2-73.2-150000.1.3.1 Basesystem Module 15-SP5 (src): icu73_2-73.2-150000.1.3.1 SUSE Manager Proxy 4.2 (src): icu73_2-73.2-150000.1.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:3563-2: An update that solves two vulnerabilities, contains two features and has 16 security fixes can now be installed. Category: security (moderate) Bug References: 1030253, 1095425, 1103893, 1112183, 1146907, 1158955, 1159131, 1161007, 1162882, 1166844, 1167603, 1182252, 1182645, 1192935, 1193951, 354372, 437293, 824262 CVE References: CVE-2020-10531, CVE-2020-21913 Jira References: PED-4917, SLE-11118 Sources used: SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): icu73_2-73.2-150000.1.3.1 SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): icu73_2-73.2-150000.1.3.1 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): icu73_2-73.2-150000.1.3.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): icu73_2-73.2-150000.1.3.1 SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): icu73_2-73.2-150000.1.3.1 SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): icu73_2-73.2-150000.1.3.1 SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): icu73_2-73.2-150000.1.3.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): icu73_2-73.2-150000.1.3.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): icu73_2-73.2-150000.1.3.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): icu73_2-73.2-150000.1.3.1 SUSE Enterprise Storage 7.1 (src): icu73_2-73.2-150000.1.3.1 SUSE Enterprise Storage 7 (src): icu73_2-73.2-150000.1.3.1 SUSE CaaS Platform 4.0 (src): icu73_2-73.2-150000.1.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:3563-3: An update that solves two vulnerabilities, contains two features and has 16 security fixes can now be installed. Category: security (moderate) Bug References: 1030253, 1095425, 1103893, 1112183, 1146907, 1158955, 1159131, 1161007, 1162882, 1166844, 1167603, 1182252, 1182645, 1192935, 1193951, 354372, 437293, 824262 CVE References: CVE-2020-10531, CVE-2020-21913 Jira References: PED-4917, SLE-11118 Sources used: SUSE Manager Retail Branch Server 4.2 (src): icu73_2-73.2-150000.1.3.1 SUSE Manager Server 4.2 (src): icu73_2-73.2-150000.1.3.1 SUSE Linux Enterprise Micro 5.1 (src): icu73_2-73.2-150000.1.3.1 SUSE Linux Enterprise Micro 5.2 (src): icu73_2-73.2-150000.1.3.1 SUSE Linux Enterprise Micro for Rancher 5.2 (src): icu73_2-73.2-150000.1.3.1 openSUSE Leap Micro 5.2 (src): icu73_2-73.2-150000.1.3.1 openSUSE Leap Micro 5.3 (src): icu73_2-73.2-150000.1.3.1 openSUSE Leap Micro 5.4 (src): icu73_2-73.2-150000.1.3.1 SUSE Linux Enterprise Micro for Rancher 5.3 (src): icu73_2-73.2-150000.1.3.1 SUSE Linux Enterprise Micro 5.3 (src): icu73_2-73.2-150000.1.3.1 SUSE Linux Enterprise Micro for Rancher 5.4 (src): icu73_2-73.2-150000.1.3.1 SUSE Linux Enterprise Micro 5.4 (src): icu73_2-73.2-150000.1.3.1 Basesystem Module 15-SP4 (src): icu73_2-73.2-150000.1.3.1 Basesystem Module 15-SP5 (src): icu73_2-73.2-150000.1.3.1 SUSE Manager Proxy 4.2 (src): icu73_2-73.2-150000.1.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
All done, closing.