Input validation error in Unicode - CVE-2021-42694
Published: November 2, 2021 / Updated: September 18, 2023
Vulnerability identifier: #VU57849
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2021-42694
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vendor: Unicode inc.
Affected software:
Unicode
Unicode
Detailed vulnerability description
The vulnerability allows an attacker to bypass certain security checks.
The vulnerability exists in the character definitions of the Unicode Specification. The specification allows an attacker to produce source code identifiers such as function names using homoglyphs that render visually identical to a target identifier. Adversaries can leverage this to inject code via adversarial identifier definitions in upstream software dependencies invoked deceptively in downstream software.
How to mitigate CVE-2021-42694
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.