CVE-2020-21913
Published 2021-09-20
CVE-2020-21913: International Components for Unicode (ICU-20850) v66.1 was discovered to contain a use after free bug in the pkg_createWithAssemblyCode function in the file…
Priority: P4 · 18 · medium · 5.5 (CVSS 3.1)
AV:L / AC:L / PR:N / UI:R / S:U / C:N / I:N / A:H
EPSS: 1.13% (62.4th percentile)
International Components for Unicode (ICU-20850) v66.1 was discovered to contain a use after free bug in the pkg_createWithAssemblyCode function in the file tools/pkgdata/pkgdata.cpp.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | icu | < icu 67.1-2 (bookworm) | icu 67.1-2 (bookworm) |
| unicode | international_components_for_unicode | < 66.1 | 66.1 |
CVSS provenance
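| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | | 5.5 | MEDIUM | |
| vendor_debian | | 5.5 | MEDIUM | |
| vendor_redhat | | 5.5 | MEDIUM | |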
CISA ICS
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
cisa_ics·2023-12-14
ICS Advisory
Release Date: December 14, 2023
Alert Code: ICSA-23-348-10
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
- Vulnerabilities: Improper Restriction of XML External Entity Reference, Time-of-check Time-of-use (TOCTOU) Race Condition, Command Injection, Miss
Ubuntu
ICU vulnerability
vendor_ubuntu·2021-11-04
CVE-2020-21913 ICU vulnerability
Title: ICU vulnerability
Summary: ICU could be made to crash if it received specially crafted input.
It was discovered that ICU contains a use after free issue.
An attacker could use this issue to cause a denial of service with crafted input.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
icu: Use after free in pkg_createWithAssemblyCode function in tools/pkgdata/pkgdata.cpp
vendor_redhat·2021-09-20·CVSS 5.5
CVE-2020-21913 [MEDIUM] CWE-416 icu: Use after free in pkg_createWithAssemblyCode function in tools/pkgdata/pkgdata.cpp
International Components for Unicode (ICU-20850) v66.1 was discovered to contain a use after free bug in the pkg_createWithAssemblyCode function in the file tools/pkgdata/pkgdata.cpp.
A use after free flaw was discovered in the International Components for Unicode (icu) file tools package pkgdata. The highest threat from this vulnerability is to system availability.
Package: com.ibm.icu (Red Hat build of OpenJDK 11) - Not affected
Package: icu (Red Hat Enterprise Linux 6) - Not affected
Package: icu4j (Red Hat Enterprise Linux 6) - Not affected
Package: java-1.6.0-openjdk (Red Hat Enterprise Linux 6) - Not affected
Package: java-1.7.0-openjdk (Red Hat Enterprise Linux 6) - Not affected
Package:
Debian
CVE-2020-21913: icu - International Components for Unicode (ICU-20850) v66.1 was discovered to contain...
vendor_debian·2020·CVSS 5.5
CVE-2020-21913 [MEDIUM] CVE-2020-21913: icu - International Components for Unicode (ICU-20850) v66.1 was discovered to contain...
International Components for Unicode (ICU-20850) v66.1 was discovered to contain a use after free bug in the pkg_createWithAssemblyCode function in the file tools/pkgdata/pkgdata.cpp.
Scope: local
bookworm: resolved (fixed in 67.1-2)
bullseye: resolved (fixed in 67.1-2)
forky: resolved (fixed in 67.1-2)
sid: resolved (fixed in 67.1-2)
trixie: resolved (fixed in 67.1-2)
GHSA
GHSA-3vq4-8jw3-cwr6: International Components for Unicode (ICU-20850) v66
ghsa_unreviewed·2022-05-24
CVE-2020-21913 [MEDIUM] CWE-416 GHSA-3vq4-8jw3-cwr6: International Components for Unicode (ICU-20850) v66
International Components for Unicode (ICU-20850) v66.1 was discovered to contain a use after free bug in the pkg_createWithAssemblyCode function in the file tools/pkgdata/pkgdata.cpp.
OSV
CVE-2020-21913: International Components for Unicode (ICU-20850) v66
osv·2021-09-20·CVSS 5.5
CVE-2020-21913 [MEDIUM] CVE-2020-21913: International Components for Unicode (ICU-20850) v66
International Components for Unicode (ICU-20850) v66.1 was discovered to contain a use after free bug in the pkg_createWithAssemblyCode function in the file tools/pkgdata/pkgdata.cpp.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References:
https://github.com/unicode-org/icu/pull/886
https://lists.debian.org/debian-lts-announce/2021/10/msg00008.html
https://unicode-org.atlassian.net/browse/ICU-20850
https://www.debian.org/security/2021/dsa-5014
Published: 2021-09-20