Use After Free Vulnerability in ICU Affects Multiple Platforms
CVE-2020-21913

5.5 MEDIUM

Key Information:

Vendor: Unicode
CVE Published: 20 September 2021

What is CVE-2020-21913?

A use-after-free vulnerability was identified in International Components for Unicode (ICU) version 66.1, specifically in the pkg_createWithAssemblyCode function within tools/pkgdata/pkgdata.cpp. This flaw could allow an attacker to trigger memory corruption, leading to unexpected behavior and possible execution of arbitrary code. Users running affected versions should apply the necessary updates or patches to mitigate the risk associated with this vulnerability. For more information, users are encouraged to check the related advisories and security updates.

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
