CVE-2013-0900

NameCVE-2013-0900
DescriptionRace condition in the International Components for Unicode (ICU) functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-2786-1
Debian Bugs702346

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
icu (PTS)buster63.1-6+deb10u3fixed
buster (security)63.1-6+deb10u2fixed
bullseye67.1-7fixed
bookworm72.1-3fixed
sid, trixie72.1-4fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
chromium-browsersourcesqueeze(unfixed)end-of-life
chromium-browsersource(unstable)25.0.1364.97-1
icusourcesqueeze4.4.1-8+squeeze2DSA-2786-1
icusourcewheezy4.8.1.1-12+deb7u1DSA-2786-1
icusource(unstable)4.8.1.1-12low702346

Notes

[squeeze] - icu <no-dsa> (Minor issue for standalone ICU outside of browser context)
Search for package or bug name: Reporting problems