CVE-2013-0900

NameCVE-2013-0900
DescriptionRace condition in the International Components for Unicode (ICU) functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-2786-1
NVD severitymedium
Debian Bugs702346

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
chromium-browser (PTS)stretch70.0.3538.110-1~deb9u1fixed
stretch (security)71.0.3578.80-1~deb9u1fixed
icu (PTS)stretch57.1-6+deb9u3fixed
stretch (security)57.1-6+deb9u4fixed
buster, buster (security)63.1-6+deb10u1fixed
bullseye, sid67.1-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
chromium-browsersource(unstable)25.0.1364.97-1
chromium-browsersourcesqueeze(unfixed)end-of-life
icusource(unstable)4.8.1.1-12low702346
icusourcesqueeze4.4.1-8+squeeze2DSA-2786-1
icusourcewheezy4.8.1.1-12+deb7u1DSA-2786-1

Notes

[squeeze] - icu <no-dsa> (Minor issue for standalone ICU outside of browser context)

Search for package or bug name: Reporting problems