HistoryEdit

CVE-2022-21658

Time-of-check time-of-use race condition can allow attacker to delete files they do not have access to delete

Issued
Package
std
Type
Vulnerability
Categories
Details
https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html
CVSS Score
7.3 HIGH
CVSS Details
Attack vector
Local
Attack complexity
Low
Privileges required
Low
User interaction
None
Scope
Changed
Confidentiality
None
Integrity
Low
Availability
High
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H
Patched
  • >=1.58.1
Affected Functions
Version
std::fs::remove_dir_all
  • <1.58.1

Description

In the standard library in Rust before 1.58.1, an attacker with unprivileged access to a system could trick a privileged program using std::fs::remove_dir_all into deleting files they don't have access to delete by creating a symlink in a directory that would be removed by a std::fs::remove_dir_all call due to a Time-of-check time-of-use race condition around this function's check for symbolic links. The function should remove the symbolic links rather than recursively deleting the linked file or directory.