CVE-2020-21913

International Components for Unicode (ICU-20850) v66.1 was discovered to contain a use after free bug in the pkg_createWithAssemblyCode function in the file tools/pkgdata/pkgdata.cpp.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
VendorProductVersion
unicodeinternational_components_for_unicode
𝑥
< 66.1
debiandebian_linux
9.0
debiandebian_linux
10.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
icu
bullseye
67.1-7
fixed
bookworm
72.1-3
fixed
sid
72.1-5
fixed
trixie
72.1-5
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
jammy
not-affected
impish
not-affected
hirsute
not-affected
focal
not-affected
bionic
not-affected
xenial
not-affected
trusty
dne
icu
jammy
not-affected
impish
not-affected
hirsute
not-affected
focal
not-affected
bionic
Fixed 60.2-3ubuntu3.2
released
xenial
Fixed 55.1-7ubuntu0.5+esm1
released
trusty
Fixed 52.1-3ubuntu0.8+esm2
released
mozjs38
jammy
dne
impish
dne
hirsute
dne
focal
dne
bionic
not-affected
xenial
dne
trusty
dne
mozjs52
jammy
dne
impish
dne
hirsute
dne
focal
not-affected
bionic
not-affected
xenial
dne
trusty
dne
mozjs68
jammy
dne
impish
dne
hirsute
dne
focal
not-affected
bionic
dne
xenial
dne
trusty
dne
mozjs78
jammy
not-affected
impish
not-affected
hirsute
not-affected
focal
dne
bionic
dne
xenial
dne
trusty
dne
thunderbird
jammy
not-affected
impish
not-affected
hirsute
not-affected
focal
not-affected
bionic
not-affected
xenial
not-affected
trusty
dne
Common Weakness Enumeration
References
https://github.com/unicode-org/icu/pull/886
https://lists.debian.org/debian-lts-announce/2021/10/msg00008.html
https://unicode-org.atlassian.net/browse/ICU-20850
https://www.debian.org/security/2021/dsa-5014
https://github.com/unicode-org/icu/pull/886
https://lists.debian.org/debian-lts-announce/2021/10/msg00008.html
https://unicode-org.atlassian.net/browse/ICU-20850
https://www.debian.org/security/2021/dsa-5014