CVE-2020-10531

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-10531
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-10531.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-10531
Aliases
Downstream
Related
Published
2020-03-12T19:15:13.227Z
Modified
2026-04-11T15:27:39.772520Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.

References

Affected packages

Git / github.com/nodejs/node

Affected ranges

Type
GIT
Repo
https://github.com/nodejs/node
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
ce3e3c5fe15479475c068482c48eb9cbf1ac9df5
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
ce3e3c5fe15479475c068482c48eb9cbf1ac9df5
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
ce3e3c5fe15479475c068482c48eb9cbf1ac9df5
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0d8021e5a4cf0a6aa3a700a361f6d42c2894f2ba
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
fa9990f3fb5b06fe94e294925246d2c136deb2c2
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
cf41627411886000429bde058a6594fb7f6d6d47
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2291e079f22e6df1f7683a05d17364b2ab3bfdab
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
5d81e4d677e8a00c2d0d3a23e2bd74bf9f1deb57
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
27adbf027f2dd3a75b22518f6825e1a1937059d1
Introduced
cf41627411886000429bde058a6594fb7f6d6d47
Last affected
4a276cc2a960b3f9a138ac3a99c9249a63b4d472
Introduced
ab4af087e83d91a46354d765306d3543b1d85423
Fixed
23adb548a57db0c56e359265108e7fe71d8b4f73
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "10.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "14.3.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "14.4.0"
        },
        {
            "introduced": "10.0.0"
        },
        {
            "last_affected": "10.12.0"
        },
        {
            "introduced": "10.13.0"
        },
        {
            "fixed": "10.21.0"
        }
    ]
}
Type
GIT
Repo
https://github.com/unicode-org/icu
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
5f681ecbc75898a6484217b322f3883b6d1b2049
Fixed
b7d08bc04a4296982fcef8b6b8a354a9e4e7afca
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "66.1"
        }
    ]
}

Affected versions

Other
cldr-32-beta2
last-cvs-commit
last-svn-commit
milestone-59-0-1
milestone-60-0-1
release-59-rc
release-60-rc
release-61-rc
release-62-rc
release-63-rc
release-64-rc
release-65-rc
release-66-1
release-66-preview
release-66-rc
v0.*
v0.0.1
v0.0.2
v0.0.3
v0.0.4
v0.0.6
v0.1.0
v0.1.1
v0.1.10
v0.1.100
v0.1.101
v0.1.102
v0.1.103
v0.1.104
v0.1.11
v0.1.12
v0.1.13
v0.1.14
v0.1.15
v0.1.16
v0.1.17
v0.1.18
v0.1.19
v0.1.2
v0.1.20
v0.1.21
v0.1.22
v0.1.23
v0.1.24
v0.1.25
v0.1.26
v0.1.27
v0.1.28
v0.1.29
v0.1.3
v0.1.30
v0.1.31
v0.1.32
v0.1.33
v0.1.4
v0.1.5
v0.1.6
v0.1.7
v0.1.8
v0.1.9
v0.1.92
v0.1.93
v0.1.94
v0.1.95
v0.1.96
v0.1.97
v0.1.98
v0.1.99
v0.2.0
v0.3.0
v0.3.1
v0.3.2
v0.3.4
v0.3.5
v0.3.6
v0.3.7
v0.3.8
v0.4.0
v0.5.0
v0.5.1
v0.5.10
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.5-rc1
v0.5.6
v0.5.7
v0.5.8
v0.5.9
v0.6.0
v0.6.1
v0.7.0
v0.7.2
v0.7.3
v1.*
v1.0.1
v1.0.1-release
v1.0.2
v1.0.2-release
v1.0.3
v1.0.4
v1.1.0
v1.2.0
v1.3.0
v1.4.1
v1.4.2
v1.4.3
v1.5.0
v1.5.1
v1.6.0
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.7.0
v1.7.1
v10.*
v10.0.0
v10.1.0
v10.10.0
v10.11.0
v10.12.0
v10.13.0
v10.14.0
v10.14.1
v10.14.2
v10.15.0
v10.15.1
v10.15.2
v10.15.3
v10.16.0
v10.16.1
v10.16.2
v10.16.3
v10.17.0
v10.18.0
v10.18.1
v10.19.0
v10.2.0
v10.2.1
v10.20.0
v10.20.1
v10.3.0
v10.4.0
v10.4.1
v10.5.0
v10.6.0
v10.7.0
v10.8.0
v10.9.0
v14.*
v14.0.0
v14.1.0
v14.2.0
v14.3.0
v14.4.0
v15.*
v15.0.0
v15.0.1
v15.1.0
v2.*
v2.0.0
v2.0.1
v2.0.2
v2.1.0
v2.2.0
v2.2.1
v2.3.0
v2.3.1
v2.3.2
v2.3.3
v2.3.4
v2.4.0
v2.5.0
v3.*
v3.0.0
v6.*
v6.0.0
v8.*
v8.0.0
v9.*
v9.0.0

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "80.0.3987.122"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "30"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "31"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "33"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "14.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "18.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "19.10"
            }
        ]
    }
]
vanir_signatures_modified 
"2026-04-11T15:27:39Z"
vanir_signatures 
[
    {
        "deprecated": false,
        "target": {
            "file": "icu4c/source/common/unistr.cpp"
        },
        "id": "CVE-2020-10531-073eef5e",
        "signature_type": "Line",
        "source": "https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "163326310584139620683127306141902484022",
                "53777311359894187782715740876739193896",
                "259529947505127728544220868421245451215",
                "275100226479365140411992926648193383127"
            ],
            "threshold": 0.9
        }
    },
    {
        "deprecated": false,
        "target": {
            "file": "icu4c/source/common/unistr.cpp",
            "function": "UnicodeString::doAppend"
        },
        "id": "CVE-2020-10531-52deb174",
        "signature_type": "Function",
        "source": "https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca",
        "signature_version": "v1",
        "digest": {
            "function_hash": "311203197988252367781213452935901397736",
            "length": 783.0
        }
    },
    {
        "deprecated": false,
        "target": {
            "file": "icu4c/source/test/intltest/ustrtest.cpp",
            "function": "UnicodeStringTest::runIndexedTest"
        },
        "id": "CVE-2020-10531-8aefd4ce",
        "signature_type": "Function",
        "source": "https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca",
        "signature_version": "v1",
        "digest": {
            "function_hash": "282047263291457392771884626389331655576",
            "length": 1182.0
        }
    },
    {
        "deprecated": false,
        "target": {
            "file": "icu4c/source/test/intltest/ustrtest.cpp"
        },
        "id": "CVE-2020-10531-e4962e84",
        "signature_type": "Line",
        "source": "https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "281493051491934789897437676517916732519",
                "16536246155701564973448811408738863909",
                "170482884151252957689139896393908258054",
                "244202485545224852526398604846366360242",
                "297837186745196421493934701917911463958"
            ],
            "threshold": 0.9
        }
    },
    {
        "deprecated": false,
        "target": {
            "file": "icu4c/source/test/intltest/ustrtest.h"
        },
        "id": "CVE-2020-10531-efe65e00",
        "signature_type": "Line",
        "source": "https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "176032011631701592212894972723462041867",
                "313180536602387946983383287883265241998",
                "253612880278707994326010847370624889941"
            ],
            "threshold": 0.9
        }
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-10531.json"