#VU57849 Input validation error in Unicode - CVE-2021-42694
Published: November 2, 2021 / Updated: September 18, 2023
Vulnerability identifier: #VU57849
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2021-42694
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vulnerable software:
Unicode
Unicode
Software vendor:
Unicode inc.
Unicode inc.
Description
The vulnerability allows an attacker to bypass certain security checks.
The vulnerability exists in the character definitions of the Unicode Specification. The specification allows an attacker to produce source code identifiers such as function names using homoglyphs that render visually identical to a target identifier. Adversaries can leverage this to inject code via adversarial identifier definitions in upstream software dependencies invoked deceptively in downstream software.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.