CVE Details
CVE ID | Severity | Affected Package | Installed Version | Fixed Version | Date Published | Date of Scan |
---|---|---|---|---|---|---|
CVE-2025-5222 | HIGH | libicu | 50.2-4.amzn2.0.1 | 50.2-4.amzn2.0.2 | 2025-05-27T21:15:23.03Z | 2025-07-11T10:18:23.835653283Z |
Affected Docker Images
Image Name | SHA |
---|---|
public.ecr.aws/lambda/provided:al2 | public.ecr.aws/lambda/provided@sha256:d39eda8d1c110144e0feee067983748977740d7ed762f62c3b6bd1cc9cb273ae |
public.ecr.aws/lambda/python:3.11 | public.ecr.aws/lambda/python@sha256:912cac63b29abd4aacda5ad692ed446546645cba2f63cf4fe1ceb4f14e027db7 |
public.ecr.aws/lambda/python:3.10 | public.ecr.aws/lambda/python@sha256:c147fdaabc6f0d04865cd90c5dc3e003752f56cd80629969aaf488deb518ecdd |
public.ecr.aws/lambda/python:3.9 | public.ecr.aws/lambda/python@sha256:0c2a8abfc1dd62b659c38fb6a2565a2f5ed813fc50d97e15b314870d30740c13 |
public.ecr.aws/lambda/nodejs:18 | public.ecr.aws/lambda/nodejs@sha256:7dada19aee6ba7e2982d8e1def41f7c62b74ad98d6a0f8b64948577b3b744287 |
public.ecr.aws/lambda/java:17 | public.ecr.aws/lambda/java@sha256:7cd0fff05ba4a71eb4d4738f98ed606e80eb9a6ad0ba58baf994ac7164dd75fd |
public.ecr.aws/lambda/java:11 | public.ecr.aws/lambda/java@sha256:be0f5e753e1880f4ff6ab6acdf9bd6d429de449a596bef335ed4d6c65cf8f95a |
public.ecr.aws/lambda/java:8.al2 | public.ecr.aws/lambda/java@sha256:884a89c7ad7f91a94208bb1000866c6044934ea45c9a6eda278ba6890ac4bc32 |
public.ecr.aws/lambda/dotnet:latest | public.ecr.aws/lambda/dotnet@sha256:a5f3cb91410ad519afe3e6288ae907b858f9c72f14f8ef132c6f9601bb12e4e2 |
public.ecr.aws/lambda/dotnet:9 | public.ecr.aws/lambda/dotnet@sha256:a5f3cb91410ad519afe3e6288ae907b858f9c72f14f8ef132c6f9601bb12e4e2 |
public.ecr.aws/lambda/dotnet:8 | public.ecr.aws/lambda/dotnet@sha256:b4c341b9f9ec10d193593a524fd7b13ba30df390cf3075d1e59a52ba33f92d3a |
public.ecr.aws/lambda/ruby:3.2 | public.ecr.aws/lambda/ruby@sha256:3f3adc4791500303f2fa7451246c42309bccc9bbf7fb24f071b07991e2c509dd |
Description
A stack buffer overflow was found in International Components for Unicode (ICU). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.
Remediation Steps
- Update the affected package libicu from version 50.2-4.amzn2.0.1 to 50.2-4.amzn2.0.2.
About this issue
- This issue may not contain all the information about the CVE nor the images it affects.
- This issue will not be updated with new information and the list of affected images may have changed since the creation of this issue.
- For more, visit Lambda Watchdog.
- This issue was created automatically by Lambda Watchdog.