CVE-2020-21913 — Use After Free in International Components FOR Unicode

CWE-416 — Use After Free7 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 72.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unicode International Components FOR Unicode Debian ICU Debian Linux

Timeline

PublishedSep 20

Latest updateDec 14

Description

International Components for Unicode (ICU-20850) v66.1 was discovered to contain a use after free bug in the pkg_createWithAssemblyCode function in the file tools/pkgdata/pkgdata.cpp.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDunicode/international_components< 66.1

▶debiandebian/icu< icu 67.1-2 (bookworm)

Also affects: Debian Linux 10.0, 9.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-3vq4-8jw3-cwr6: International Components for Unicode (ICU-20850) v66↗2022-05-24

▶

OSV

CVE-2020-21913: International Components for Unicode (ICU-20850) v66↗2021-09-20

▶

📋Vendor Advisories

CISA ICS

Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1↗2023-12-14

▶

Ubuntu

ICU vulnerability↗2021-11-04

▶

Red Hat

icu: Use after free in pkg_createWithAssemblyCode function in tools/pkgdata/pkgdata.cpp↗2021-09-20

▶

Debian

CVE-2020-21913: icu - International Components for Unicode (ICU-20850) v66.1 was discovered to contain...↗2020

▶