On Tue, May 27, 2025 at 9:39 PM Salvatore Bonaccorso <car...@debian.org> wrote:
> CVE-2025-5222[0]:
> | Stack buffer overflow in the SRBRoot::addTag function

The bad thing is, I chose not to sleep in the evening. The good thing is I have found a fix [1]. The bad thing is this is a fix for another serious issue [2] which still is not public. But cut this bad-good thing.

I've confirmed this fixes the mentioned CVE, being a slightly similar issue. The CVE mentions the tag (which is a const char *) and the mentioned fix might handle its usage a level deeper in the subtag variable. The latter is no longer a fixed size, but a helper class called CharString which seems to handle the kind of misuse the bug invokes. In my tests the stack is no longer corrupted.

It's up to the Security Team if they know more about the other bug or not. For the moment I tend to say the fix of that one fixes this one as well. May I wait for something? The Trixie release is coming soon.
Regards,
Laszlo/GCS

[1] https://github.com/unicode-org/icu/commit/2c667e31cfd0b6bb1923627a932fd3453a5bac77
[2] https://unicode-org.atlassian.net/browse/ICU-22973