SB2021110202 - Improper input validation in Unicode character definitions

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2021110202

SB2021110202 - Improper input validation in Unicode character definitions

Published: November 2, 2021 Updated: September 18, 2023

Security Bulletin ID SB2021110202
Severity
Low
Patch available
NO
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Data manipulation

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Input validation error (CVE-ID: CVE-2021-42694)

The vulnerability allows an attacker to bypass certain security checks.

The vulnerability exists in the character definitions of the Unicode Specification. The specification allows an attacker to produce source code identifiers such as function names using homoglyphs that render visually identical to a target identifier. Adversaries can leverage this to inject code via adversarial identifier definitions in upstream software dependencies invoked deceptively in downstream software.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References