
CVE-2022-21658

Time-of-check time-of-use race condition can allow attacker to delete files they do not have access to delete

Reported
Issued
Package: std
Type: Vulnerability
Categories
References
CVSS Score: 7.3 HIGH
CVSS Details
  • Attack vector: Local
  • Attack complexity: Low
  • Privileges required: Low
  • User interaction: None
  • Scope: Changed
  • Confidentiality: None
  • Integrity: Low
  • Availability: High
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H
Patched
  • >=1.58.1
Affected Functions
  • std::fs::remove_dir_all (Version: <1.58.1)

Description

In the Rust standard library before 1.58.1, std::fs::remove_dir_all contains a time-of-check time-of-use (TOCTOU) race condition around its check for symbolic links. An attacker with unprivileged access to a system could trick a privileged program that uses std::fs::remove_dir_all into deleting files the attacker does not have access to delete, by creating a symlink in a directory that would be removed by the std::fs::remove_dir_all call. The function should remove the symbolic links rather than recursively deleting the linked file or directory.

Advisory available under CC0-1.0 license.
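
The following audit helper is an added example, not code from the advisory or the Rust project. It gates on the advisory's patched version (>=1.58.1) and checks the stated contract that remove_dir_all removes a symlink without touching its target. The function names, the temporary directory layout and the sample version strings are assumptions made for illustration, and the code is Unix-only.

```rust
// Added example: std only, Unix-only (uses std::os::unix::fs::symlink).
use std::{env, fs, io, os::unix::fs::symlink, process};

/// First patched release, taken from the advisory's "Patched: >=1.58.1".
const PATCHED: (u32, u32, u32) = (1, 58, 1);

/// Parse "1.58.0" or "rustc 1.58.0 (...)" into (major, minor, patch).
/// Pre-release strings such as "1.58.1-nightly" are rejected, not guessed.
fn parse_version(s: &str) -> Option<(u32, u32, u32)> {
    let tok = s.split_whitespace().find(|t| t.starts_with(|c: char| c.is_ascii_digit()))?;
    let mut it = tok.split('.').map(|p| p.parse::<u32>().ok());
    Some((it.next()??, it.next()??, it.next()??))
}

/// True only when the version is known to be at or above the patched release.
fn is_patched(version: &str) -> bool {
    parse_version(version).map_or(false, |v| v >= PATCHED)
}

/// Checks the documented contract on a constructed tree: remove_dir_all must
/// delete the link itself and leave the link's target untouched. This does not
/// exercise the race, so it also passes on affected versions; gate on is_patched.
fn symlink_target_survives() -> io::Result<bool> {
    let base = env::temp_dir().join(format!("rda-check-{}", process::id()));
    let _ = fs::remove_dir_all(&base); // clear leftovers from an earlier run
    let (doomed, outside) = (base.join("doomed"), base.join("outside"));
    fs::create_dir_all(doomed.join("sub"))?;
    fs::create_dir_all(&outside)?;
    fs::write(outside.join("keep.txt"), b"must survive")?;
    fs::write(doomed.join("sub/file.txt"), b"expendable")?;
    symlink(&outside, doomed.join("link"))?; // doomed/link -> outside
    fs::remove_dir_all(&doomed)?;
    let ok = !doomed.exists() && outside.join("keep.txt").is_file();
    fs::remove_dir_all(&base)?;
    Ok(ok)
}

fn main() -> io::Result<()> {
    // Constructed sample version strings.
    for v in ["1.58.0", "1.58.1", "rustc 1.60.0 (constructed sample)"] {
        println!("{}: patched = {}", v, is_patched(v));
    }
    println!("symlink target survives: {}", symlink_target_survives()?);
    Ok(())
}
```

Because the contract check cannot observe the race window, a passing result says nothing about exposure; the version gate is the authoritative signal.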