icu: Integer overflow in UnicodeString::doAppend() (CVE-2020-10531)

An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.

References:

https://bugs.chromium.org/p/chromium/issues/detail?id=1044570
h ttps://unicode-org.atlassian.net/browse/ICU-20958
https://github.com/unicode-org/icu/pull/971

Patch:

https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca

Affected branches:

Edited Apr 02, 2020 by Natanael Copa

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information