{"id":"CVE-2020-21913","details":"International Components for Unicode (ICU-20850) v66.1 was discovered to contain a use after free bug in the pkg_createWithAssemblyCode function in the file tools/pkgdata/pkgdata.cpp.","modified":"2026-04-10T04:24:32.375196Z","published":"2021-09-20T14:15:08.160Z","related":["SUSE-SU-2022:3140-1","SUSE-SU-2022:3141-1","SUSE-SU-2022:3142-1","SUSE-SU-2023:3563-1","SUSE-SU-2023:3563-2","SUSE-SU-2023:3563-3","SUSE-SU-2025:02079-1","openSUSE-SU-2024:13127-1"],"references":[{"type":"ADVISORY","url":"https://www.debian.org/security/2021/dsa-5014"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00008.html"},{"type":"FIX","url":"https://github.com/unicode-org/icu/pull/886"},{"type":"EVIDENCE","url":"https://unicode-org.atlassian.net/browse/ICU-20850"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/unicode-org/icu","events":[{"introduced":"0"},{"fixed":"5f681ecbc75898a6484217b322f3883b6d1b2049"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"66.1"}]}}],"versions":["cldr-32-beta2","last-cvs-commit","last-svn-commit","milestone-59-0-1","milestone-60-0-1","release-59-rc","release-60-rc","release-61-rc","release-62-rc","release-63-rc","release-64-rc","release-65-rc","release-66-preview","release-66-rc"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-21913.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}