CVE-2020-21913: Use After Free
Published Sep 20, 2021
International Components for Unicode (ICU-20850) v66.1 was discovered to contain a use after free bug in the pkg_createWithAssemblyCode function in the file tools/pkgdata/pkgdata.cpp.
Affected Software
4 affected components
Fixes available
debian/icu
63.1-6+deb10u3, 63.1-6+deb10u2, 67.1-7, 72.1-3, 72.1-4
Unicode International Components for Unicode <66.1
Debian Debian Linux =9.0
Debian Debian Linux =10.0
Remediation
Patch Available
Event History
Sep 20, 2021
CVE Published
via MITRE·01:55 PM
Data Sourced
via MITRE·01:55 PM
Frequently Asked Questions
1. What is the vulnerability ID?
The vulnerability ID is CVE-2020-21913.
2. What is the severity of CVE-2020-21913?
The severity of CVE-2020-21913 is medium with a severity value of 5.5.
3. Which software is affected by CVE-2020-21913?
The affected software is International Components for Unicode (ICU) version 66.1 and Debian Linux versions 9.0 and 10.0.
4. What is the vulnerability description of CVE-2020-21913?
CVE-2020-21913 is a use after free bug in the pkg_createWithAssemblyCode function in the file tools/pkgdata/pkgdata.cpp in International Components for Unicode (ICU) version 66.1.
5. How can I fix CVE-2020-21913?
To fix CVE-2020-21913, update the affected software to the recommended versions: ICU version 63.1-6+deb10u3, 63.1-6+deb10u2, 67.1-7, 72.1-3, or 72.1-4.