OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-20 02:21:00 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add advisory for CVE-2022-21658 (#1155)

Browse Source 
Closes: https://github.com/rustsec/advisory-db/issues/1154

Signed-off-by: Jesse Szwedko <jesse@szwedko.me>
This commit is contained in:
Jesse Szwedko
2022-01-20 17:54:24 -08:00
committed by GitHub
parent bf972ed7d4
commit aad861dd0f
1 changed files with 20 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
rust/std/CVE-2022-21658.md Normal file
View File

@@ -0,0 +1,20 @@
```toml
[advisory]
id = "CVE-2022-21658"
package = "std"
categories = ["file-disclosure"]
date = "2021-01-16"
url = "https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html"
cvss = "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H"
[affected]
[affected.functions]
"std::fs::remove_dir_all" = ["<= 1.58.1"]
[versions]
patched = [">= 1.58.1"]
```
# Time-of-check time-of-use race condition can allow attacker to delete files they do not have access to delete
In the standard library in Rust before 1.58.1, an attacker with unprivileged access to a system could trick a privileged program using `std::fs::remove_dir_all` into deleting files they don't have access to delete by creating a symlink in a directory that would be removed by a `std::fs::remove_dir_all` call due to a Time-of-check time-of-use race condition around this function's check for symbolic links. The function should remove the symbolic links rather than recursively deleting the linked file or directory.