International Components for Unicode Stack Buffer Overflow Vulnerability Allowing Local Arbitrary Code Execution

Vulnerability

A stack buffer overflow vulnerability has been identified in International Components for Unicode (ICU) version 76.0.1. The issue arises in the 'genrb' binary, where the 'subtag' structure overflows in the 'SRBRoot::addTag' function. This vulnerability may lead to memory corruption and allow for local arbitrary code execution.

Impact

Exploitation of this vulnerability can cause memory corruption and enable local arbitrary code execution.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

7.5

exploitability

4.7

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

7.5

exploitability

4.7

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

International Components for Unicode Stack Buffer Overflow Vulnerability Allowing Local Arbitrary Code Execution

Vulnerability

Impact

Affected Products

International Components for Unicode

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating