git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
icu: fix CVE-2025-5222
author Changqing Li <changqing.li@windriver.com>
Mon, 7 Jul 2025 09:12:00 +0000 (17:12 +0800)
committer Steve Sakoman <steve@sakoman.com>
Fri, 11 Jul 2025 16:55:25 +0000 (09:55 -0700)
commit 674a3780bb76f4c8adf92d4f91cc9146d32787aa
tree ca0272f30b7d01bc3f74a80703b5a331bd443abe
parent c855be07828c9cff3aa7ddfa04eb0c4df28658e4
icu: fix CVE-2025-5222

CVE-2025-5222:
A stack buffer overflow was found in International Components for Unicode
(ICU). While running the genrb binary, the 'subtag' struct overflowed
at the SRBRoot::addTag function. This issue may lead to memory
corruption and local arbitrary code execution.

Refer:
https://nvd.nist.gov/vuln/detail/CVE-2025-5222
https://unicode-org.atlassian.net/browse/ICU-22957
https://github.com/unicode-org/icu/commit/2c667e31cfd0b6bb1923627a932fd3453a5bac77

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-support/icu/icu/CVE-2025-5222.patch [new file with mode: 0644]
meta/recipes-support/icu/icu_76-1.bb