CVE-2013-0900

NameCVE-2013-0900
DescriptionRace condition in the International Components for Unicode (ICU) functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-2786-1
NVD severitymedium
Debian Bugs702346

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
chromium-browser (PTS)jessie, jessie (lts)57.0.2987.98-1~deb8u1fixed
stretch70.0.3538.110-1~deb9u1fixed
stretch (security)71.0.3578.80-1~deb9u1fixed
icu (PTS)jessie, jessie (lts)52.1-8+deb8u9fixed
stretch57.1-6+deb9u4fixed
stretch (security)57.1-6+deb9u5fixed
buster63.1-6+deb10u1fixed
buster (security)63.1-6+deb10u2fixed
sid, bookworm, bullseye67.1-7fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
chromium-browsersourcesqueeze(unfixed)end-of-life
chromium-browsersource(unstable)25.0.1364.97-1
icusourcesqueeze4.4.1-8+squeeze2DSA-2786-1
icusourcewheezy4.8.1.1-12+deb7u1DSA-2786-1
icusource(unstable)4.8.1.1-12low702346

Notes

[squeeze] - icu <no-dsa> (Minor issue for standalone ICU outside of browser context)

Search for package or bug name: Reporting problems