{"id":"CVE-2025-5222","details":"A stack buffer overflow was found in International Components for Unicode (ICU). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.","modified":"2026-04-16T00:02:25.203082782Z","published":"2025-05-27T21:15:23.030Z","related":["ALSA-2025:11888","ALSA-2025:12083","SUSE-SU-2025:02059-1","SUSE-SU-2025:02079-1","SUSE-SU-2025:02216-1","openSUSE-SU-2025:15230-1"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:11888"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:12083"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:12331"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:12332"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:12333"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2025-5222"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2368600"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2025/06/msg00015.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/unicode-org/icu","events":[{"introduced":"0"},{"fixed":"457157a92aa053e632cc7fcfd0e12f8a943b2d11"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"77.1"}]}}],"versions":["brs/2023-10-04","cldr-32-beta2","cldr/2020-09-22","cldr/2021-02-17","cldr/2021-03-09","cldr/2021-06-15","cldr/2021-08-11","cldr/2021-08-25","cldr/2021-09-15","cldr/2021-09-29","cldr/2022-02-08","cldr/2022-02-22","cldr/2022-02-23","cldr/2022-04-11","cldr/2022-05-28","cldr/2022-06-27","cldr/2022-08-01","cldr/2022-08-11","cldr/2022-08-17","cldr/2022-09-07","cldr/2022-09-12","cldr/2022-12-02","cldr/2022-12-04","cldr/2023-02-02","cldr/2023-02-21","cldr/2023-03-13","cldr/2023-03-15","cldr/2023-07-19","cldr/2023-07-20","cldr/2023-08-08","cldr/2023-08-22","cldr/2023-09-13","cldr/2023
-09-25","cldr/2023-09-27","icu4x/2024-12-16/76.x","last-cvs-commit","last-svn-commit","milestone-59-0-1","milestone-60-0-1","release-59-rc","release-60-rc","release-61-rc","release-62-rc","release-63-rc","release-64-rc","release-65-rc","release-67-rc","release-68-alpha","release-68-rc","release-69-rc","release-70-rc","release-71-rc","release-72-rc","release-73-rc","release-74-rc","release-75-rc","release-76-rc","release-77-rc"],"database_specific":{"vanir_signatures":[{"id":"CVE-2025-5222-766869b3","source":"https://github.com/unicode-org/icu/commit/457157a92aa053e632cc7fcfd0e12f8a943b2d11","target":{"file":"icu4j/main/common_tests/src/test/java/com/ibm/icu/dev/test/util/ULocaleTest.java"},"digest":{"line_hashes":["295309340300957685074609112300146940891","269428952573887231121339385406655395190","190437084686170097544538184536125984890","132830090117250644852007522560018821043","112107708379846581411362349218816624036","260794071025088050772994361148691988165","160056934528296243121673659860885287692","199959194778351910290111171664332697668","21353937669025376178533552682433403790","167070727992870648319088480499172857939"],"threshold":0.9},"signature_version":"v1","deprecated":false,"signature_type":"Line"},{"digest":{"length":1432,"function_hash":"148691341547682037182391118470639084436"},"source":"https://github.com/unicode-org/icu/commit/457157a92aa053e632cc7fcfd0e12f8a943b2d11","target":{"function":"makeTable","file":"tools/cldr/cldr-to-icu/src/main/java/org/unicode/icu/tool/cldrtoicu/localedistance/LikelySubtagsBuilder.java"},"signature_type":"Function","signature_version":"v1","deprecated":false,"id":"CVE-2025-5222-9e6bb5ba"},{"signature_type":"Function","source":"https://github.com/unicode-org/icu/commit/457157a92aa053e632cc7fcfd0e12f8a943b2d11","target":{"function":"likelySubtagsDataDriven","file":"icu4j/main/common_tests/src/test/java/com/ibm/icu/dev/test/util/ULocaleTest.java"},"id":"CVE-2025-5222-b2a66e6c","digest":{"function_hash":"2710890807501621501
57587461146173822207","length":1213},"deprecated":false,"signature_version":"v1"},{"digest":{"line_hashes":["145407242532596960075001884462414527957","6534213920094264024438550808963261444","162621325529188262072181660939151906139","45440760445035304046139458375865290848","244328417444030477861086662771865464854","122656055037654942970210796009288544218","250990121404058258699060639881303912114"],"threshold":0.9},"source":"https://github.com/unicode-org/icu/commit/457157a92aa053e632cc7fcfd0e12f8a943b2d11","target":{"file":"icu4c/source/test/intltest/loctest.cpp"},"signature_version":"v1","signature_type":"Line","deprecated":false,"id":"CVE-2025-5222-b413e474"},{"id":"CVE-2025-5222-c7b08b4c","source":"https://github.com/unicode-org/icu/commit/457157a92aa053e632cc7fcfd0e12f8a943b2d11","target":{"file":"tools/cldr/cldr-to-icu/src/main/java/org/unicode/icu/tool/cldrtoicu/localedistance/LikelySubtagsBuilder.java"},"digest":{"line_hashes":["231557820963995623085211029920202569377","150755075343856115356668913111124766129","330690527451913616862358615079352288882","116663865726823617015987705167129230456"],"threshold":0.9},"signature_version":"v1","deprecated":false,"signature_type":"Line"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-5222.json","vanir_signatures_modified":"2026-04-11T01:48:18Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}