CVE-2020-10531 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.8 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 69%

Vendor	Product	Version
icu-project	international_components_for_unicode	𝑥 ≤ 66.1
redhat	enterprise_linux_desktop	6.0
redhat	enterprise_linux_server	6.0
redhat	enterprise_linux_workstation	6.0
google	chrome	𝑥 < 80.0.3987.122
debian	debian_linux	8.0
debian	debian_linux	9.0
debian	debian_linux	10.0
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	19.10
opensuse	leap	15.1
oracle	banking_extensibility_workbench	14.3.0
oracle	banking_extensibility_workbench	14.4.0
nodejs	node.js	10.0.0 ≤ 𝑥 ≤ 10.12.0
nodejs	node.js	10.13.0 ≤ 𝑥 < 10.21.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

icu

bullseye	67.1-7 fixed
bookworm	72.1-3 fixed
sid	72.1-5 fixed
trixie	72.1-5 fixed

Ubuntu Releases

Ubuntu Product

Codename

chromium-browser

eoan	not-affected
bionic	Fixed 80.0.3987.149-0ubuntu0.18.04.1 released
xenial	Fixed 80.0.3987.149-0ubuntu0.16.04.1 released
trusty	dne

icu

eoan	Fixed 63.2-2ubuntu0.1 released
bionic	Fixed 60.2-3ubuntu3.1 released
xenial	Fixed 55.1-7ubuntu0.5 released
trusty	Fixed 52.1-3ubuntu0.8+esm1 released

Common Weakness Enumeration

CWE-190 - Integer Overflow or Wraparound
The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

References

http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00004.html

https://access.redhat.com/errata/RHSA-2020:0738

https://bugs.chromium.org/p/chromium/issues/detail?id=1044570

https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html

https://chromium.googlesource.com/chromium/deps/icu/+/9f4020916eb1f28f3666f018fdcbe6c9a37f0e08

https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca

https://github.com/unicode-org/icu/pull/971

https://lists.debian.org/debian-lts-announce/2020/03/msg00024.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/

https://security.gentoo.org/glsa/202003-15

https://unicode-org.atlassian.net/browse/ICU-20958

https://usn.ubuntu.com/4305-1/

https://www.debian.org/security/2020/dsa-4646

https://www.oracle.com//security-alerts/cpujul2021.html

https://www.oracle.com/security-alerts/cpuapr2022.html

https://www.oracle.com/security-alerts/cpujan2021.html

http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00004.html

https://access.redhat.com/errata/RHSA-2020:0738

https://bugs.chromium.org/p/chromium/issues/detail?id=1044570

https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html

https://chromium.googlesource.com/chromium/deps/icu/+/9f4020916eb1f28f3666f018fdcbe6c9a37f0e08

https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca

https://github.com/unicode-org/icu/pull/971

https://lists.debian.org/debian-lts-announce/2020/03/msg00024.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/

https://security.gentoo.org/glsa/202003-15

https://unicode-org.atlassian.net/browse/ICU-20958

https://usn.ubuntu.com/4305-1/

https://www.debian.org/security/2020/dsa-4646

https://www.oracle.com//security-alerts/cpujul2021.html

https://www.oracle.com/security-alerts/cpuapr2022.html

https://www.oracle.com/security-alerts/cpujan2021.html