SB2021110218 - Security restrictions bypass in Rust Unicode implementation
Published: November 2, 2021 Updated: September 18, 2023
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2021-42694)
The vulnerability allows an attacker to bypass certain security checks.
The vulnerability exists in the character definitions of the Unicode Specification. The specification allows an attacker to produce source code identifiers, such as function names, using homoglyphs that render visually identical to a target identifier. An adversary can define such a look-alike identifier in an upstream software dependency and have it invoked deceptively in downstream software in place of the intended one.
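A review-time check for the look-alike identifiers described above, as an added example that is not code from this bulletin or from the Rust project. The `SAMPLE` source, the three-script range table, and the `fold` mapping are constructed for illustration; a production check would use the full Unicode confusables data (UTS #39).

```rust
use std::collections::{BTreeMap, BTreeSet};
// Constructed sample: the second function name contains U+0430 (Cyrillic "a").
const SAMPLE: &str = "fn check_auth() -> bool { false }\n\
fn check_\u{0430}uth() -> bool { true }\n\
fn main() { let ok = check_\u{0430}uth(); }";

// Coarse script lookup by code point range (assumption: three scripts only).
fn script(c: char) -> Option<&'static str> {
    match c as u32 {
        0x41..=0x5A | 0x61..=0x7A | 0xC0..=0x24F => Some("Latin"),
        0x370..=0x3FF => Some("Greek"),
        0x400..=0x52F => Some("Cyrillic"),
        _ => None, // digits, '_' and scripts this sketch does not model
    }
}
// Constructed subset of look-alike folds, not the full UTS #39 table.
fn fold(c: char) -> char {
    match c {
        '\u{0430}' => 'a', '\u{0435}' => 'e', '\u{043E}' => 'o', '\u{0440}' => 'p',
        '\u{0441}' => 'c', '\u{0445}' => 'x', '\u{0456}' => 'i', '\u{03BF}' => 'o',
        _ => c,
    }
}

// Every identifier-shaped token in the source (keywords included).
fn identifiers(src: &str) -> BTreeSet<&str> {
    src.split(|c: char| !(c.is_alphanumeric() || c == '_'))
        .filter(|t| !t.is_empty() && !t.starts_with(|c: char| c.is_ascii_digit()))
        .collect()
}

// True when one identifier draws letters from more than one script.
fn mixed_script(ident: &str) -> bool {
    ident.chars().filter_map(script).collect::<BTreeSet<_>>().len() > 1
}

// Groups of distinct identifiers that fold to the same skeleton.
fn collisions(src: &str) -> Vec<Vec<String>> {
    let mut groups: BTreeMap<String, BTreeSet<&str>> = BTreeMap::new();
    for id in identifiers(src) {
        groups.entry(id.chars().map(fold).collect()).or_default().insert(id);
    }
    groups.into_values().filter(|g| g.len() > 1)
        .map(|g| g.into_iter().map(String::from).collect()).collect()
}

fn main() {
    println!("confusable groups: {:?}", collisions(SAMPLE));
}
```

Running it over a dependency's source tree before an upgrade surfaces identifiers that differ in code points but not in appearance, which a visual diff review would miss.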
Remediation
Install update from vendor's website.