CVE-2020-10531
Description
An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.
Risk Information
Base Score: 8.8 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 0.79
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2020-8172,CVE-2020-11080,CVE-2020-8174,CVE-2020-10531 are fixed in Node.js 12 (x64) (12.18.0) | Windows |
| Vulnerabilities CVE-2020-8172,CVE-2020-11080,CVE-2020-8174,CVE-2020-10531 are fixed in Node.js 12 (12.18.0) | Windows |
| Vulnerabilities CVE-2020-8172,CVE-2020-11080,CVE-2020-8174,CVE-2020-10531 are fixed in Node.js 14 (14.21.3) | Windows |
| Vulnerabilities CVE-2020-8172,CVE-2020-11080,CVE-2020-8174,CVE-2020-10531 are fixed in Node.js 14 (x64) (14.21.3) | Windows |
| Vulnerabilities CVE-2020-8172,CVE-2020-11080,CVE-2020-8174,CVE-2020-10531 are fixed in Node.js 10 (x64) (10.21.0) | Windows |
| Vulnerabilities CVE-2020-8172,CVE-2020-11080,CVE-2020-8174,CVE-2020-10531 are fixed in Node.js 10 (10.21.0) | Windows |
| Vulnerabilities CVE-2020-8172,CVE-2020-11080,CVE-2020-8174,CVE-2020-10531 are fixed in Node.js 10 (x64) (10.24.1) | Windows |
| (RHSA-2020:0897) icu security update icu-50.2-4.el7_7.x86_64.rpm | Linux |
| (RHSA-2020:0897) icu security update libicu-50.2-4.el7_7.i686.rpm | Linux |
| (RHSA-2020:0897) icu security update libicu-50.2-4.el7_7.x86_64.rpm | Linux |
| (RHSA-2020:0897) icu security update libicu-devel-50.2-4.el7_7.i686.rpm | Linux |
| (RHSA-2020:0897) icu security update libicu-devel-50.2-4.el7_7.x86_64.rpm | Linux |
| (RHSA-2020:0897) icu security update libicu-doc-50.2-4.el7_7.noarch.rpm | Linux |
| (RHSA-2020:0896) icu security update icu-4.2.1-15.el6_10.i686.rpm | Linux |
| (RHSA-2020:0896) icu security update icu-4.2.1-15.el6_10.x86_64.rpm | Linux |
| (RHSA-2020:0896) icu security update libicu-4.2.1-15.el6_10.i686.rpm | Linux |
| (RHSA-2020:0896) icu security update libicu-4.2.1-15.el6_10.x86_64.rpm | Linux |
| (RHSA-2020:0896) icu security update libicu-devel-4.2.1-15.el6_10.i686.rpm | Linux |
| (RHSA-2020:0896) icu security update libicu-devel-4.2.1-15.el6_10.x86_64.rpm | Linux |
| (RHSA-2020:0896) icu security update libicu-doc-4.2.1-15.el6_10.noarch.rpm | Linux |
| International Components for Unicode library (USN-4305-1) libicu55_55.1-7ubuntu0.5_i386.deb | Linux |
| International Components for Unicode library (USN-4305-1) libicu55_55.1-7ubuntu0.5_amd64.deb | Linux |
| International Components for Unicode library (USN-4305-1) libicu60_60.2-3ubuntu3.1_i386.deb | Linux |
| International Components for Unicode library (USN-4305-1) libicu60_60.2-3ubuntu3.1_amd64.deb | Linux |
| International Components for Unicode library (USN-4305-1) libicu63_63.2-2ubuntu0.1_i386.deb | Linux |
| International Components for Unicode library (USN-4305-1) libicu63_63.2-2ubuntu0.1_amd64.deb | Linux |
| SUSE-SU-2020:1180-1(SUSE Linux Enterprise Server 12-SP4 ) icu-debuginfo-52.1-8.10.1.x86_64.rpm | Linux |
| SUSE-SU-2020:1180-1(SUSE Linux Enterprise Server 12-SP5 ) icu-debuginfo-52.1-8.10.1.x86_64_SP5.rpm | Linux |
| SUSE-SU-2020:1180-1(SUSE Linux Enterprise Server 12-SP4 ) icu-debugsource-52.1-8.10.1.x86_64.rpm | Linux |
| SUSE-SU-2020:1180-1(SUSE Linux Enterprise Server 12-SP5 ) icu-debugsource-52.1-8.10.1.x86_64_SP5.rpm | Linux |
| SUSE-SU-2020:1180-1(SUSE Linux Enterprise Server 12-SP4 ) libicu-doc-52.1-8.10.1.x86_64.rpm | Linux |
| SUSE-SU-2020:1180-1(SUSE Linux Enterprise Server 12-SP5 ) libicu-doc-52.1-8.10.1.x86_64_SP5.rpm | Linux |
| SUSE-SU-2020:1180-1(SUSE Linux Enterprise Server 12-SP4 ) libicu52_1-52.1-8.10.1.x86_64.rpm | Linux |
| SUSE-SU-2020:1180-1(SUSE Linux Enterprise Server 12-SP5 ) libicu52_1-52.1-8.10.1.x86_64_SP5.rpm | Linux |
| SUSE-SU-2020:1180-1(SUSE Linux Enterprise Server 12-SP4 ) libicu52_1-32bit-52.1-8.10.1.x86_64.rpm | Linux |
| SUSE-SU-2020:1180-1(SUSE Linux Enterprise Server 12-SP5 ) libicu52_1-32bit-52.1-8.10.1.x86_64_SP5.rpm | Linux |
| SUSE-SU-2020:1180-1(SUSE Linux Enterprise Server 12-SP4 ) libicu52_1-data-52.1-8.10.1.x86_64.rpm | Linux |
| SUSE-SU-2020:1180-1(SUSE Linux Enterprise Server 12-SP5 ) libicu52_1-data-52.1-8.10.1.x86_64_SP5.rpm | Linux |
| SUSE-SU-2020:1180-1(SUSE Linux Enterprise Server 12-SP4 ) libicu52_1-debuginfo-52.1-8.10.1.x86_64.rpm | Linux |
| SUSE-SU-2020:1180-1(SUSE Linux Enterprise Server 12-SP4 ) libicu52_1-debuginfo-32bit-52.1-8.10.1.x86_64.rpm | Linux |
| SUSE-SU-2020:1180-1(SUSE Linux Enterprise Server 12-SP5 ) libicu52_1-debuginfo-52.1-8.10.1.x86_64_SP5.rpm | Linux |
| SUSE-SU-2020:1180-1(SUSE Linux Enterprise Server 12-SP5 ) libicu52_1-debuginfo-32bit-52.1-8.10.1.x86_64_SP5.rpm | Linux |
| (RHSA-2020:0902) icu security update icu-60.3-2.el8_1.x86_64.rpm | Linux |
| (RHSA-2020:0902) icu security update icu-debugsource-60.3-2.el8_1.i686.rpm | Linux |
| (RHSA-2020:0902) icu security update icu-debugsource-60.3-2.el8_1.x86_64.rpm | Linux |
| (RHSA-2020:0902) icu security update libicu-60.3-2.el8_1.i686.rpm | Linux |
| (RHSA-2020:0902) icu security update libicu-60.3-2.el8_1.x86_64.rpm | Linux |
| (RHSA-2020:0902) icu security update libicu-devel-60.3-2.el8_1.i686.rpm | Linux |
| (RHSA-2020:0902) icu security update libicu-devel-60.3-2.el8_1.x86_64.rpm | Linux |
| (RHSA-2020:0902) icu security update libicu-doc-60.3-2.el8_1.noarch.rpm | Linux |
| (RHSA-2020:1293) nodejs:12 security update nodejs-12.16.1-2.module+el8.1.0+6117+b25a342c.x86_64.rpm | Linux |
| (RHSA-2020:1293) nodejs:12 security update nodejs-debugsource-12.16.1-2.module+el8.1.0+6117+b25a342c.x86_64.rpm | Linux |
| (RHSA-2020:1293) nodejs:12 security update nodejs-devel-12.16.1-2.module+el8.1.0+6117+b25a342c.x86_64.rpm | Linux |
| (RHSA-2020:1293) nodejs:12 security update nodejs-docs-12.16.1-2.module+el8.1.0+6117+b25a342c.noarch.rpm | Linux |
| (RHSA-2020:1293) nodejs:12 security update nodejs-nodemon-1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch.rpm | Linux |
| (RHSA-2020:1293) nodejs:12 security update nodejs-packaging-17-3.module+el8.1.0+3369+37ae6a45.noarch.rpm | Linux |
| (RHSA-2020:1293) nodejs:12 security update npm-6.13.4-1.12.16.1.2.module+el8.1.0+6117+b25a342c.x86_64.rpm | Linux |
| (RHSA-2020:1317) nodejs:10 security update nodejs-10.19.0-2.module+el8.1.0+6118+5aaa808b.x86_64.rpm | Linux |
| (RHSA-2020:1317) nodejs:10 security update nodejs-debugsource-10.19.0-2.module+el8.1.0+6118+5aaa808b.x86_64.rpm | Linux |
| (RHSA-2020:1317) nodejs:10 security update nodejs-devel-10.19.0-2.module+el8.1.0+6118+5aaa808b.x86_64.rpm | Linux |
| (RHSA-2020:1317) nodejs:10 security update nodejs-docs-10.19.0-2.module+el8.1.0+6118+5aaa808b.noarch.rpm | Linux |
| (RHSA-2020:1317) nodejs:10 security update nodejs-nodemon-1.18.3-1.module+el8+2632+6c5111ed.noarch.rpm | Linux |
| (RHSA-2020:1317) nodejs:10 security update nodejs-packaging-17-3.module+el8+2873+aa7dfd9a.noarch.rpm | Linux |
| (RHSA-2020:1317) nodejs:10 security update npm-6.13.4-1.10.19.0.2.module+el8.1.0+6118+5aaa808b.x86_64.rpm | Linux |
| Nodejs-nodemon update (ELSA-2020-1293) nodejs-nodemon-1.18.3-1.module+el8.1.0+5393+aaf413e3.noarch.rpm | Linux |
| Nodejs-packaging update (ELSA-2020-1293) nodejs-packaging-17-3.module+el8.1.0+5393+aaf413e3.noarch.rpm | Linux |
| (CESA-2020:0902) icu security update icu-60.3-2.el8_1.x86_64.rpm | Linux |
| (CESA-2020:0902) icu security update libicu-60.3-2.el8_1.i686.rpm | Linux |
| (CESA-2020:0902) icu security update libicu-60.3-2.el8_1.x86_64.rpm | Linux |
| (CESA-2020:0902) icu security update libicu-devel-60.3-2.el8_1.i686.rpm | Linux |
| (CESA-2020:0902) icu security update libicu-devel-60.3-2.el8_1.x86_64.rpm | Linux |
| (CESA-2020:0902) icu security update libicu-doc-60.3-2.el8_1.noarch.rpm | Linux |
| (CESA-2020:0896) icu security update icu-4.2.1-15.el6_10.x86_64.rpm | Linux |
| (CESA-2020:0896) icu security update libicu-4.2.1-15.el6_10.i686.rpm | Linux |
| (CESA-2020:0896) icu security update libicu-4.2.1-15.el6_10.x86_64.rpm | Linux |
| (CESA-2020:0896) icu security update libicu-devel-4.2.1-15.el6_10.i686.rpm | Linux |
| (CESA-2020:0896) icu security update libicu-devel-4.2.1-15.el6_10.x86_64.rpm | Linux |
| (CESA-2020:0896) icu security update libicu-doc-4.2.1-15.el6_10.noarch.rpm | Linux |
| (CESA-2020:0897) icu security update icu-50.2-4.el7_7.x86_64.rpm | Linux |
| (CESA-2020:0897) icu security update libicu-50.2-4.el7_7.i686.rpm | Linux |
| (CESA-2020:0897) icu security update libicu-50.2-4.el7_7.x86_64.rpm | Linux |
| (CESA-2020:0897) icu security update libicu-devel-50.2-4.el7_7.i686.rpm | Linux |
| (CESA-2020:0897) icu security update libicu-devel-50.2-4.el7_7.x86_64.rpm | Linux |
| (CESA-2020:0897) icu security update libicu-doc-50.2-4.el7_7.noarch.rpm | Linux |
| SUSE-SU-2023:3563-3(Basesystem Module 15-SP4 ) icu73_2-debuginfo-73.2-150000.1.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:3563-3(Basesystem Module 15-SP4 ) icu73_2-debugsource-73.2-150000.1.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:3563-3(Basesystem Module 15-SP4 ) libicu73_2-73.2-150000.1.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:3563-3(Basesystem Module 15-SP4 ) libicu73_2-debuginfo-73.2-150000.1.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:3563-3(Basesystem Module 15-SP4 ) libicu73_2-devel-73.2-150000.1.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:3563-3(Basesystem Module 15-SP4 ) libicu73_2-doc-73.2-150000.1.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:3563-3(Basesystem Module 15-SP4 ) libicu73_2-ledata-73.2-150000.1.3.1.noarch.rpm | Linux |
| SUSE-SU-2023:3563-3(Basesystem Module 15-SP5 ) icu73_2-debuginfo-73.2-150000.1.3.1.x86_64_15_SP5.rpm | Linux |
| SUSE-SU-2023:3563-3(Basesystem Module 15-SP5 ) icu73_2-debugsource-73.2-150000.1.3.1.x86_64_15_SP5.rpm | Linux |
| SUSE-SU-2023:3563-3(Basesystem Module 15-SP5 ) libicu73_2-73.2-150000.1.3.1.x86_64_15_SP5.rpm | Linux |
| SUSE-SU-2023:3563-3(Basesystem Module 15-SP5 ) libicu73_2-debuginfo-73.2-150000.1.3.1.x86_64_15_SP5.rpm | Linux |
| SUSE-SU-2023:3563-3(Basesystem Module 15-SP5 ) libicu73_2-devel-73.2-150000.1.3.1.x86_64_15_SP5.rpm | Linux |
| SUSE-SU-2023:3563-3(Basesystem Module 15-SP5 ) libicu73_2-doc-73.2-150000.1.3.1.x86_64_15_SP5.rpm | Linux |
| SUSE-SU-2023:3563-3(Basesystem Module 15-SP5 ) libicu73_2-ledata-73.2-150000.1.3.1.noarch_15_SP5.rpm | Linux |
| (RHSA-2020:0897)Important: security update icu-debuginfo-50.2-4.el7_7.i686.rpm | Linux |
| (RHSA-2020:0897)Important: security update icu-debuginfo-50.2-4.el7_7.x86_64.rpm | Linux |
| (RHSA-2020:0902)Important: security update icu-debuginfo-60.3-2.el8_1.i686.rpm | Linux |
| (RHSA-2020:0902)Important: security update icu-debuginfo-60.3-2.el8_1.x86_64.rpm | Linux |
| (RHSA-2020:0902)Important: security update libicu-debuginfo-60.3-2.el8_1.i686.rpm | Linux |
| (RHSA-2020:0902)Important: security update libicu-debuginfo-60.3-2.el8_1.x86_64.rpm | Linux |
| (RHSA-2020:0902)Important: security update libicu-devel-debuginfo-60.3-2.el8_1.i686.rpm | Linux |
| (RHSA-2020:0902)Important: security update libicu-devel-debuginfo-60.3-2.el8_1.x86_64.rpm | Linux |
| (RHSA-2020:1317)Important: security update nodejs-debuginfo-10.19.0-2.module+el8.1.0+6118+5aaa808b.x86_64.rpm | Linux |
| (RHSA-2020:1317)Important: security update nodejs-devel-debuginfo-10.19.0-2.module+el8.1.0+6118+5aaa808b.x86_64.rpm | Linux |
| icu security update (RLSA-2020:0902) icu-60.3-2.el8_1.x86_64.rpm | Linux |
| icu security update (RLSA-2020:0902) libicu-60.3-2.el8_1.i686.rpm | Linux |
| icu security update (RLSA-2020:0902) libicu-60.3-2.el8_1.x86_64.rpm | Linux |
| icu security update (RLSA-2020:0902) libicu-doc-60.3-2.el8_1.noarch.rpm | Linux |
| icu security update (RLSA-2020:0902) libicu-devel-60.3-2.el8_1.i686.rpm | Linux |
| icu security update (RLSA-2020:0902) libicu-devel-60.3-2.el8_1.x86_64.rpm | Linux |
| Nodejs-nodemon update (ELSA-2020-2848) nodejs-nodemon-1.18.3-1.module+el8.1.0+5392+4d6b561f.noarch.rpm | Linux |
| Nodejs-packaging update (ELSA-2020-2848) nodejs-packaging-17-3.module+el8.1.0+5392+4d6b561f.noarch.rpm | Linux |
| Icu update (ELSA-2020-0902) icu-60.3-2.el8_1.x86_64.rpm | Linux |
| Libicu update (ELSA-2020-0902) libicu-60.3-2.el8_1.i686.rpm | Linux |
| Libicu update (ELSA-2020-0902) libicu-60.3-2.el8_1.x86_64.rpm | Linux |
| Libicu-devel update (ELSA-2020-0902) libicu-devel-60.3-2.el8_1.i686.rpm | Linux |
| Libicu-devel update (ELSA-2020-0902) libicu-devel-60.3-2.el8_1.x86_64.rpm | Linux |
| Libicu-doc update (ELSA-2020-0902) libicu-doc-60.3-2.el8_1.noarch.rpm | Linux |
| Important: icu security update libicu-60.3-2.el8_1.i686.rpm | Linux |
| Important: icu security update libicu-60.3-2.el8_1.x86_64.rpm | Linux |
| Important: icu security update libicu-devel-60.3-2.el8_1.i686.rpm | Linux |
| Important: icu security update libicu-devel-60.3-2.el8_1.x86_64.rpm | Linux |
| Important: icu security update libicu-doc-60.3-2.el8_1.noarch.rpm | Linux |
| Important: icu security update icu-60.3-2.el8_1.x86_64.rpm | Linux |
| Npm update (ELSA-2025-8514) npm-10.8.2-1.20.19.2.1.module+el8.10.0+90611+29f3ae1e.x86_64.rpm | Linux |
| Nodejs-packaging-bundler update (ELSA-2025-8514) nodejs-packaging-bundler-2021.06-4.module+el8.10.0+90611+29f3ae1e.noarch.rpm | Linux |
| Nodejs-packaging update (ELSA-2025-8514) nodejs-packaging-2021.06-4.module+el8.10.0+90611+29f3ae1e.noarch.rpm | Linux |
| Nodejs-nodemon update (ELSA-2025-8514) nodejs-nodemon-3.0.1-1.module+el8.10.0+90611+29f3ae1e.noarch.rpm | Linux |
| Nodejs-full-i18n update (ELSA-2025-8514) nodejs-full-i18n-20.19.2-1.module+el8.10.0+90611+29f3ae1e.x86_64.rpm | Linux |
| Nodejs-docs update (ELSA-2025-8514) nodejs-docs-20.19.2-1.module+el8.10.0+90611+29f3ae1e.noarch.rpm | Linux |
| Nodejs-devel update (ELSA-2025-8514) nodejs-devel-20.19.2-1.module+el8.10.0+90611+29f3ae1e.x86_64.rpm | Linux |
| Nodejs update (ELSA-2025-8514) nodejs-20.19.2-1.module+el8.10.0+90611+29f3ae1e.x86_64.rpm | Linux |
| Out-of-bounds Write Vulnerability (CVE-2020-10531) | NCM |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-324371 | Node.js 12 (x64) (12.22.12) |
| PATCH-324370 | Node.js 12 (12.22.12) |
| PATCH-329082 | Node.js 14 (14.21.3) |
| PATCH-329083 | Node.js 14 (x64) (14.21.3) |
| PATCH-319043 | Node.js 10 (x64) (10.24.1) |
| PATCH-319042 | Node.js 10 (10.24.1) |