CVE-2020-21913

International Components for Unicode (ICU-20850) v66.1 was discovered to contain a use after free bug in the pkg_createWithAssemblyCode function in the file tools/pkgdata/pkgdata.cpp.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
Affected Products (NVD)
VendorProductVersion
unicodeinternational_components_for_unicode
𝑥
< 66.1
debiandebian_linux
9.0
debiandebian_linux
10.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
icu
bookworm
72.1-3
fixed
bullseye
67.1-7
fixed
sid
72.1-5
fixed
trixie
72.1-5
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
bionic
not-affected
focal
not-affected
hirsute
not-affected
impish
not-affected
jammy
not-affected
trusty
dne
xenial
not-affected
icu
bionic
Fixed 60.2-3ubuntu3.2
released
focal
not-affected
hirsute
not-affected
impish
not-affected
jammy
not-affected
trusty
Fixed 52.1-3ubuntu0.8+esm2
released
xenial
Fixed 55.1-7ubuntu0.5+esm1
released
mozjs38
bionic
not-affected
focal
dne
hirsute
dne
impish
dne
jammy
dne
trusty
dne
xenial
dne
mozjs52
bionic
not-affected
focal
not-affected
hirsute
dne
impish
dne
jammy
dne
trusty
dne
xenial
dne
mozjs68
bionic
dne
focal
not-affected
hirsute
dne
impish
dne
jammy
dne
trusty
dne
xenial
dne
mozjs78
bionic
dne
focal
dne
hirsute
not-affected
impish
not-affected
jammy
not-affected
trusty
dne
xenial
dne
thunderbird
bionic
not-affected
focal
not-affected
hirsute
not-affected
impish
not-affected
jammy
not-affected
trusty
dne
xenial
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libicu-devel
suse enterprise desktop 15 SP3
65.1-150200.4.5.1
fixed
suse enterprise desktop 15 SP4
65.1-150200.4.5.1
fixed
suse enterprise desktop 15 SP5
65.1-150200.4.5.1
fixed
suse enterprise desktop 15 SP6
65.1-150200.4.5.1
fixed
suse enterprise desktop 15 SP7
65.1-150200.4.5.1
fixed
suse enterprise sap 15 SP3
65.1-150200.4.5.1
fixed
suse enterprise sap 15 SP4
65.1-150200.4.15.1
fixed
suse enterprise sap 15 SP5
65.1-150200.4.5.1
fixed
suse enterprise sap 15 SP6
65.1-150200.4.5.1
fixed
suse enterprise sap 15 SP7
65.1-150200.4.5.1
fixed
suse enterprise server 15 SP2
65.1-150200.4.15.1
fixed
suse enterprise server 15 SP3
65.1-150200.4.15.1
fixed
suse enterprise server 15 SP4
65.1-150200.4.15.1
fixed
suse enterprise server 15 SP5
65.1-150200.4.5.1
fixed
suse enterprise server 15 SP6
65.1-150200.4.5.1
fixed
suse enterprise server 15 SP7
65.1-150200.4.5.1
fixed
libicu-doc
suse enterprise sap 12 SP5
52.1-8.13.1
fixed
suse enterprise server 12 SP3
52.1-8.13.1
fixed
suse enterprise server 12 SP5
52.1-8.13.1
fixed
libicu-suse65_1
suse enterprise desktop 15 SP3
65.1-150200.4.5.1
fixed
suse enterprise desktop 15 SP4
65.1-150200.4.5.1
fixed
suse enterprise desktop 15 SP5
65.1-150200.4.5.1
fixed
suse enterprise desktop 15 SP6
65.1-150200.4.5.1
fixed
suse enterprise desktop 15 SP7
65.1-150200.4.5.1
fixed
suse enterprise sap 15 SP3
65.1-150200.4.5.1
fixed
suse enterprise sap 15 SP4
65.1-150200.4.15.1
fixed
suse enterprise sap 15 SP5
65.1-150200.4.5.1
fixed
suse enterprise sap 15 SP6
65.1-150200.4.5.1
fixed
suse enterprise sap 15 SP7
65.1-150200.4.5.1
fixed
suse enterprise server 15 SP2
65.1-150200.4.15.1
fixed
suse enterprise server 15 SP3
65.1-150200.4.15.1
fixed
suse enterprise server 15 SP4
65.1-150200.4.15.1
fixed
suse enterprise server 15 SP5
65.1-150200.4.5.1
fixed
suse enterprise server 15 SP6
65.1-150200.4.5.1
fixed
suse enterprise server 15 SP7
65.1-150200.4.5.1
fixed
libicu-suse65_1-32bit
suse enterprise server 15 SP3
65.1-150200.4.15.1
fixed
libicu52_1
suse enterprise sap 12 SP5
52.1-8.13.1
fixed
suse enterprise server 12 SP3
52.1-8.13.1
fixed
suse enterprise server 12 SP5
52.1-8.13.1
fixed
libicu52_1-32bit
suse enterprise sap 12 SP5
52.1-8.13.1
fixed
suse enterprise server 12 SP3
52.1-8.13.1
fixed
suse enterprise server 12 SP5
52.1-8.13.1
fixed
libicu52_1-data
suse enterprise sap 12 SP5
52.1-8.13.1
fixed
suse enterprise server 12 SP3
52.1-8.13.1
fixed
suse enterprise server 12 SP5
52.1-8.13.1
fixed
libicu60_2
suse enterprise desktop 15 SP6
60.2-150000.3.12.1
fixed
suse enterprise desktop 15 SP7
60.2-150000.3.12.1
fixed
suse enterprise sap 15 SP3
60.2-150000.3.12.1
fixed
suse enterprise sap 15 SP4
60.2-150000.3.12.1
fixed
suse enterprise sap 15 SP5
60.2-150000.3.12.1
fixed
suse enterprise sap 15 SP6
60.2-150000.3.12.1
fixed
suse enterprise sap 15 SP7
60.2-150000.3.12.1
fixed
suse enterprise server 15 SP3
60.2-150000.3.12.1
fixed
suse enterprise server 15 SP4
60.2-150000.3.12.1
fixed
suse enterprise server 15 SP5
60.2-150000.3.12.1
fixed
suse enterprise server 15 SP6
60.2-150000.3.12.1
fixed
suse enterprise server 15 SP7
60.2-150000.3.12.1
fixed
libicu60_2-bedata
suse enterprise desktop 15 SP6
60.2-150000.3.12.1
fixed
suse enterprise desktop 15 SP7
60.2-150000.3.12.1
fixed
suse enterprise sap 15 SP3
60.2-150000.3.12.1
fixed
suse enterprise sap 15 SP4
60.2-150000.3.12.1
fixed
suse enterprise sap 15 SP5
60.2-150000.3.12.1
fixed
suse enterprise sap 15 SP6
60.2-150000.3.12.1
fixed
suse enterprise sap 15 SP7
60.2-150000.3.12.1
fixed
suse enterprise server 15 SP3
60.2-150000.3.12.1
fixed
suse enterprise server 15 SP4
60.2-150000.3.12.1
fixed
suse enterprise server 15 SP5
60.2-150000.3.12.1
fixed
suse enterprise server 15 SP6
60.2-150000.3.12.1
fixed
suse enterprise server 15 SP7
60.2-150000.3.12.1
fixed
libicu60_2-ledata
suse enterprise desktop 15 SP6
60.2-150000.3.12.1
fixed
suse enterprise desktop 15 SP7
60.2-150000.3.12.1
fixed
suse enterprise sap 15 SP3
60.2-150000.3.12.1
fixed
suse enterprise sap 15 SP4
60.2-150000.3.12.1
fixed
suse enterprise sap 15 SP5
60.2-150000.3.12.1
fixed
suse enterprise sap 15 SP6
60.2-150000.3.12.1
fixed
suse enterprise sap 15 SP7
60.2-150000.3.12.1
fixed
suse enterprise server 15 SP3
60.2-150000.3.12.1
fixed
suse enterprise server 15 SP4
60.2-150000.3.12.1
fixed
suse enterprise server 15 SP5
60.2-150000.3.12.1
fixed
suse enterprise server 15 SP6
60.2-150000.3.12.1
fixed
suse enterprise server 15 SP7
60.2-150000.3.12.1
fixed
libicu65_1-bedata
suse enterprise desktop 15 SP3
65.1-150200.4.5.1
fixed
suse enterprise desktop 15 SP4
65.1-150200.4.5.1
fixed
suse enterprise desktop 15 SP5
65.1-150200.4.5.1
fixed
suse enterprise desktop 15 SP6
65.1-150200.4.5.1
fixed
suse enterprise desktop 15 SP7
65.1-150200.4.5.1
fixed
suse enterprise sap 15 SP3
65.1-150200.4.5.1
fixed
suse enterprise sap 15 SP4
65.1-150200.4.5.1
fixed
suse enterprise sap 15 SP5
65.1-150200.4.5.1
fixed
suse enterprise sap 15 SP6
65.1-150200.4.5.1
fixed
suse enterprise sap 15 SP7
65.1-150200.4.5.1
fixed
suse enterprise server 15 SP3
65.1-150200.4.15.1
fixed
suse enterprise server 15 SP4
65.1-150200.4.15.1
fixed
suse enterprise server 15 SP5
65.1-150200.4.5.1
fixed
suse enterprise server 15 SP6
65.1-150200.4.5.1
fixed
suse enterprise server 15 SP7
65.1-150200.4.5.1
fixed
libicu65_1-ledata
suse enterprise desktop 15 SP3
65.1-150200.4.5.1
fixed
suse enterprise desktop 15 SP4
65.1-150200.4.5.1
fixed
suse enterprise desktop 15 SP5
65.1-150200.4.5.1
fixed
suse enterprise desktop 15 SP6
65.1-150200.4.5.1
fixed
suse enterprise desktop 15 SP7
65.1-150200.4.5.1
fixed
suse enterprise sap 15 SP3
65.1-150200.4.5.1
fixed
suse enterprise sap 15 SP4
65.1-150200.4.15.1
fixed
suse enterprise sap 15 SP5
65.1-150200.4.5.1
fixed
suse enterprise sap 15 SP6
65.1-150200.4.5.1
fixed
suse enterprise sap 15 SP7
65.1-150200.4.5.1
fixed
suse enterprise server 15 SP2
65.1-150200.4.15.1
fixed
suse enterprise server 15 SP3
65.1-150200.4.15.1
fixed
suse enterprise server 15 SP4
65.1-150200.4.15.1
fixed
suse enterprise server 15 SP5
65.1-150200.4.5.1
fixed
suse enterprise server 15 SP6
65.1-150200.4.5.1
fixed
suse enterprise server 15 SP7
65.1-150200.4.5.1
fixed
libicu73_2
suse enterprise desktop 15 SP4
73.2-150000.1.3.1
fixed
suse enterprise desktop 15 SP5
73.2-150000.1.3.1
fixed
suse enterprise desktop 15 SP6
73.2-150000.1.3.1
fixed
suse enterprise desktop 15 SP7
73.2-150000.1.3.1
fixed
suse enterprise sap 15 SP1
73.2-150000.1.3.1
fixed
suse enterprise sap 15 SP2
73.2-150000.1.3.1
fixed
suse enterprise sap 15 SP4
73.2-150000.1.3.1
fixed
suse enterprise sap 15 SP5
73.2-150000.1.3.1
fixed
suse enterprise sap 15 SP6
73.2-150000.1.3.1
fixed
suse enterprise sap 15 SP7
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP1
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP2
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP3
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP4
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP5
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP6
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP7
73.2-150000.1.3.1
fixed
libicu73_2-bedata
suse enterprise desktop 15 SP4
73.2-150000.1.3.1
fixed
suse enterprise desktop 15 SP5
73.2-150000.1.3.1
fixed
suse enterprise desktop 15 SP6
73.2-150000.1.3.1
fixed
suse enterprise desktop 15 SP7
73.2-150000.1.3.1
fixed
suse enterprise sap 15 SP4
73.2-150000.1.3.1
fixed
suse enterprise sap 15 SP5
73.2-150000.1.3.1
fixed
suse enterprise sap 15 SP6
73.2-150000.1.3.1
fixed
suse enterprise sap 15 SP7
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP1
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP2
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP3
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP4
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP5
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP6
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP7
73.2-150000.1.3.1
fixed
libicu73_2-devel
suse enterprise desktop 15 SP4
73.2-150000.1.3.1
fixed
suse enterprise desktop 15 SP5
73.2-150000.1.3.1
fixed
suse enterprise desktop 15 SP6
73.2-150000.1.3.1
fixed
suse enterprise desktop 15 SP7
73.2-150000.1.3.1
fixed
suse enterprise sap 15 SP1
73.2-150000.1.3.1
fixed
suse enterprise sap 15 SP2
73.2-150000.1.3.1
fixed
suse enterprise sap 15 SP4
73.2-150000.1.3.1
fixed
suse enterprise sap 15 SP5
73.2-150000.1.3.1
fixed
suse enterprise sap 15 SP6
73.2-150000.1.3.1
fixed
suse enterprise sap 15 SP7
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP1
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP2
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP3
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP4
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP5
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP6
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP7
73.2-150000.1.3.1
fixed
libicu73_2-doc
suse enterprise desktop 15 SP4
73.2-150000.1.3.1
fixed
suse enterprise desktop 15 SP5
73.2-150000.1.3.1
fixed
suse enterprise desktop 15 SP6
73.2-150000.1.3.1
fixed
suse enterprise desktop 15 SP7
73.2-150000.1.3.1
fixed
suse enterprise sap 15 SP1
73.2-150000.1.3.1
fixed
suse enterprise sap 15 SP2
73.2-150000.1.3.1
fixed
suse enterprise sap 15 SP4
73.2-150000.1.3.1
fixed
suse enterprise sap 15 SP5
73.2-150000.1.3.1
fixed
suse enterprise sap 15 SP6
73.2-150000.1.3.1
fixed
suse enterprise sap 15 SP7
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP1
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP2
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP3
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP4
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP5
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP6
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP7
73.2-150000.1.3.1
fixed
libicu73_2-ledata
suse enterprise desktop 15 SP4
73.2-150000.1.3.1
fixed
suse enterprise desktop 15 SP5
73.2-150000.1.3.1
fixed
suse enterprise desktop 15 SP6
73.2-150000.1.3.1
fixed
suse enterprise desktop 15 SP7
73.2-150000.1.3.1
fixed
suse enterprise sap 15 SP1
73.2-150000.1.3.1
fixed
suse enterprise sap 15 SP2
73.2-150000.1.3.1
fixed
suse enterprise sap 15 SP4
73.2-150000.1.3.1
fixed
suse enterprise sap 15 SP5
73.2-150000.1.3.1
fixed
suse enterprise sap 15 SP6
73.2-150000.1.3.1
fixed
suse enterprise sap 15 SP7
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP1
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP2
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP3
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP4
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP5
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP6
73.2-150000.1.3.1
fixed
suse enterprise server 15 SP7
73.2-150000.1.3.1
fixed
Common Weakness Enumeration
References
https://github.com/unicode-org/icu/pull/886
https://lists.debian.org/debian-lts-announce/2021/10/msg00008.html
https://unicode-org.atlassian.net/browse/ICU-20850
https://www.debian.org/security/2021/dsa-5014
https://github.com/unicode-org/icu/pull/886
https://lists.debian.org/debian-lts-announce/2021/10/msg00008.html
https://unicode-org.atlassian.net/browse/ICU-20850
https://www.debian.org/security/2021/dsa-5014