CVE-2021-42574

Description from NVD

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.

Information Acquisition Date: 2021-11-30T16:40Z
CVSS 2.0: 5.1 MEDIUM
CVSS 3.x: 8.3 HIGH

CVSS3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

CVSS2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

NVD References

 https://trojansource.codes
     source:MISC
     tags:Exploit    Technical Description    Third Party Advisory    
 http://www.unicode.org/versions/Unicode14.0.0/
     source:MISC
     tags:Release Notes    Vendor Advisory    
 [oss-security] 20211101 CVE-2021-42574: rustc 1.56.0 and bidirectional-override codepoints in source code
     source:MLIST
     tags:Exploit    Mailing List    Mitigation    Third Party Advisory    
 [oss-security] 20211101 Re: CVE-2021-42574: rustc 1.56.0 and bidirectional-override codepoints in source code
     source:MLIST
     tags:Exploit    Mailing List    Third Party Advisory    
 [oss-security] 20211102 Re: CVE-2021-42574: rustc 1.56.0 and bidirectional-override codepoints in source code
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [oss-security] 20211101 Trojan Source Attacks
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [oss-security] 20211102 Re: Trojan Source Attacks
     source:MLIST
     tags:Mailing List    
 FEDORA-2021-0578e23912
     source:FEDORA
     tags:Mailing List    Third Party Advisory    
 FEDORA-2021-7ad3a01f6a
     source:FEDORA
     tags:Mailing List    Third Party Advisory    
 VU#999008
     source:CERT-VN
     tags:Third Party Advisory    US Government Resource    
 FEDORA-2021-443139f67c
     source:FEDORA
     tags:Mailing List    Third Party Advisory    
 https://www.scyon.nl/post/trojans-in-your-source-code
     source:MISC
     tags:

List of frequently cited URLs

URL    Num of Times Referred to
https://confluence.atlassian.com/security/multiple-products...    7
http://Hat.Red    4
https://github.blog/changelog/2021-10-31-warning-about-bidi...    4
https://twitter.com/Linda_pp/status/1455009995850801152    4
https://trojansource.codes/    4
http://scanmycode.today    3
https://www.shiomiya.com/posts/rust-fixed-cve-2021-42574/    3
https://groups.google.com/g/rustlang-security-announcements...    3
https://blog.rust-lang.org/2021/11/01/cve-2021-42574.html    3

Information from Twitter

User URL Info Source Date
kzalloc1 https://github.com/tin-z/solidity_CVE-2021-42574-POC Source kzalloc1         1620486397760266240 2023/02/01
Prohacktiv3 https://github.com/tin-z/solidity_CVE-2021-42574-POC Source Prohacktiv3      1620682896121163777 2023/02/01
Prohacktiv3 https://twitter.com/Prohacktiv3/status/1620682896121163777/... Source Prohacktiv3      1620682896121163777 2023/02/01

GitHub Search Results: Up to 10
Name URL
js-on/CVE-2021-42574 https://github.com/js-on/CVE-2021-42574
maweil/bidi_char_detector https://github.com/maweil/bidi_char_detector
hffaust/CVE-2021-42574_and_CVE-2021-42694 https://github.com/hffaust/CVE-2021-42574_and_CVE-2021-42694
shiomiyan/CVE-2021-42574 https://github.com/shiomiyan/CVE-2021-42574
pierDipi/unicode-control-characters-action https://github.com/pierDipi/unicode-control-characters-action

2023/02/01 Score : 0
Added Har-sia Database : 2021/11/01
Last Modified : 2023/02/01
Highest Scored Date : 2021/11/02
Highest Score : 68