Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS2-2022-1784
HistoryApr 25, 2022 - 10:57 p.m.

Medium: gcc10, gcc

2022-04-2522:57:00
alas.aws.amazon.com
38

8.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

64.1%

JSON

Issue Overview:

A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The special handling and rendering of those characters can be then used in an attempt to hide unexpected and potentially dangerous behaviour from the reviewer. (CVE-2021-42574)

Affected Packages:

gcc10, gcc

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update gcc10 to update your system.
Run yum update gcc to update your system.

New Packages:

aarch64:  
    gcc-7.3.1-14.amzn2.aarch64  
    libgcc-7.3.1-14.amzn2.aarch64  
    gcc-c++-7.3.1-14.amzn2.aarch64  
    libstdc++-7.3.1-14.amzn2.aarch64  
    libstdc++-docs-7.3.1-14.amzn2.aarch64  
    gcc-objc-7.3.1-14.amzn2.aarch64  
    gcc-objc++-7.3.1-14.amzn2.aarch64  
    libobjc-7.3.1-14.amzn2.aarch64  
    gcc-gfortran-7.3.1-14.amzn2.aarch64  
    libgfortran-7.3.1-14.amzn2.aarch64  
    libgomp-7.3.1-14.amzn2.aarch64  
    gcc-gdb-plugin-7.3.1-14.amzn2.aarch64  
    libgccjit-7.3.1-14.amzn2.aarch64  
    libgccjit-devel-7.3.1-14.amzn2.aarch64  
    libitm-7.3.1-14.amzn2.aarch64  
    libatomic-7.3.1-14.amzn2.aarch64  
    libsanitizer-7.3.1-14.amzn2.aarch64  
    cpp-7.3.1-14.amzn2.aarch64  
    gcc-gnat-7.3.1-14.amzn2.aarch64  
    libgnat-7.3.1-14.amzn2.aarch64  
    gcc-go-7.3.1-14.amzn2.aarch64  
    libgo-7.3.1-14.amzn2.aarch64  
    gcc-plugin-devel-7.3.1-14.amzn2.aarch64  
    gcc-debuginfo-7.3.1-14.amzn2.aarch64  
    gcc-base-debuginfo-7.3.1-14.amzn2.aarch64  
    gcc10-10.3.1-1.amzn2.0.2.aarch64  
    gcc10-c++-10.3.1-1.amzn2.0.2.aarch64  
    libstdc++10-devel-10.3.1-1.amzn2.0.2.aarch64  
    libstdc++10-docs-10.3.1-1.amzn2.0.2.aarch64  
    gcc10-gdb-plugin-10.3.1-1.amzn2.0.2.aarch64  
    libitm10-devel-10.3.1-1.amzn2.0.2.aarch64  
    libatomic10-devel-10.3.1-1.amzn2.0.2.aarch64  
    libasan10-10.3.1-1.amzn2.0.2.aarch64  
    libasan10-devel-10.3.1-1.amzn2.0.2.aarch64  
    cpp10-10.3.1-1.amzn2.0.2.aarch64  
    gcc10-plugin-devel-10.3.1-1.amzn2.0.2.aarch64  
    gcc10-debuginfo-10.3.1-1.amzn2.0.2.aarch64  
  
i686:  
    gcc-7.3.1-14.amzn2.i686  
    libgcc-7.3.1-14.amzn2.i686  
    gcc-c++-7.3.1-14.amzn2.i686  
    libstdc++-7.3.1-14.amzn2.i686  
    libstdc++-docs-7.3.1-14.amzn2.i686  
    gcc-objc-7.3.1-14.amzn2.i686  
    gcc-objc++-7.3.1-14.amzn2.i686  
    libobjc-7.3.1-14.amzn2.i686  
    gcc-gfortran-7.3.1-14.amzn2.i686  
    libgfortran-7.3.1-14.amzn2.i686  
    libgomp-7.3.1-14.amzn2.i686  
    gcc-gdb-plugin-7.3.1-14.amzn2.i686  
    libgccjit-7.3.1-14.amzn2.i686  
    libgccjit-devel-7.3.1-14.amzn2.i686  
    libquadmath-7.3.1-14.amzn2.i686  
    libitm-7.3.1-14.amzn2.i686  
    libatomic-7.3.1-14.amzn2.i686  
    libsanitizer-7.3.1-14.amzn2.i686  
    libcilkrts-7.3.1-14.amzn2.i686  
    libmpx-7.3.1-14.amzn2.i686  
    cpp-7.3.1-14.amzn2.i686  
    gcc-gnat-7.3.1-14.amzn2.i686  
    libgnat-7.3.1-14.amzn2.i686  
    gcc-go-7.3.1-14.amzn2.i686  
    libgo-7.3.1-14.amzn2.i686  
    gcc-plugin-devel-7.3.1-14.amzn2.i686  
    gcc-debuginfo-7.3.1-14.amzn2.i686  
    gcc-base-debuginfo-7.3.1-14.amzn2.i686  
    gcc10-10.3.1-1.amzn2.0.2.i686  
    gcc10-c++-10.3.1-1.amzn2.0.2.i686  
    libstdc++10-devel-10.3.1-1.amzn2.0.2.i686  
    libstdc++10-docs-10.3.1-1.amzn2.0.2.i686  
    gcc10-gdb-plugin-10.3.1-1.amzn2.0.2.i686  
    libquadmath10-devel-10.3.1-1.amzn2.0.2.i686  
    libitm10-devel-10.3.1-1.amzn2.0.2.i686  
    libatomic10-devel-10.3.1-1.amzn2.0.2.i686  
    libasan10-10.3.1-1.amzn2.0.2.i686  
    libasan10-devel-10.3.1-1.amzn2.0.2.i686  
    cpp10-10.3.1-1.amzn2.0.2.i686  
    gcc10-plugin-devel-10.3.1-1.amzn2.0.2.i686  
    gcc10-debuginfo-10.3.1-1.amzn2.0.2.i686  
  
src:  
    gcc-7.3.1-14.amzn2.src  
    gcc10-10.3.1-1.amzn2.0.2.src  
  
x86_64:  
    gcc-7.3.1-14.amzn2.x86_64  
    libgcc-7.3.1-14.amzn2.x86_64  
    gcc-c++-7.3.1-14.amzn2.x86_64  
    libstdc++-7.3.1-14.amzn2.x86_64  
    libstdc++-docs-7.3.1-14.amzn2.x86_64  
    gcc-objc-7.3.1-14.amzn2.x86_64  
    gcc-objc++-7.3.1-14.amzn2.x86_64  
    libobjc-7.3.1-14.amzn2.x86_64  
    gcc-gfortran-7.3.1-14.amzn2.x86_64  
    libgfortran-7.3.1-14.amzn2.x86_64  
    libgomp-7.3.1-14.amzn2.x86_64  
    gcc-gdb-plugin-7.3.1-14.amzn2.x86_64  
    libgccjit-7.3.1-14.amzn2.x86_64  
    libgccjit-devel-7.3.1-14.amzn2.x86_64  
    libquadmath-7.3.1-14.amzn2.x86_64  
    libitm-7.3.1-14.amzn2.x86_64  
    libatomic-7.3.1-14.amzn2.x86_64  
    libsanitizer-7.3.1-14.amzn2.x86_64  
    libcilkrts-7.3.1-14.amzn2.x86_64  
    libmpx-7.3.1-14.amzn2.x86_64  
    cpp-7.3.1-14.amzn2.x86_64  
    gcc-gnat-7.3.1-14.amzn2.x86_64  
    libgnat-7.3.1-14.amzn2.x86_64  
    gcc-go-7.3.1-14.amzn2.x86_64  
    libgo-7.3.1-14.amzn2.x86_64  
    gcc-plugin-devel-7.3.1-14.amzn2.x86_64  
    gcc-debuginfo-7.3.1-14.amzn2.x86_64  
    gcc-base-debuginfo-7.3.1-14.amzn2.x86_64  
    gcc10-10.3.1-1.amzn2.0.2.x86_64  
    gcc10-c++-10.3.1-1.amzn2.0.2.x86_64  
    libstdc++10-devel-10.3.1-1.amzn2.0.2.x86_64  
    libstdc++10-docs-10.3.1-1.amzn2.0.2.x86_64  
    gcc10-gdb-plugin-10.3.1-1.amzn2.0.2.x86_64  
    libquadmath10-devel-10.3.1-1.amzn2.0.2.x86_64  
    libitm10-devel-10.3.1-1.amzn2.0.2.x86_64  
    libatomic10-devel-10.3.1-1.amzn2.0.2.x86_64  
    libasan10-10.3.1-1.amzn2.0.2.x86_64  
    libasan10-devel-10.3.1-1.amzn2.0.2.x86_64  
    cpp10-10.3.1-1.amzn2.0.2.x86_64  
    gcc10-plugin-devel-10.3.1-1.amzn2.0.2.x86_64  
    gcc10-debuginfo-10.3.1-1.amzn2.0.2.x86_64

Additional References

Red Hat: CVE-2021-42574

Mitre: CVE-2021-42574

OSVersionArchitecturePackageVersionFilename
Amazon Linux2aarch64gcc< 7.3.1-14.amzn2gcc-7.3.1-14.amzn2.aarch64.rpm
Amazon Linux2aarch64libgcc< 7.3.1-14.amzn2libgcc-7.3.1-14.amzn2.aarch64.rpm
Amazon Linux2aarch64gcc-c++< 7.3.1-14.amzn2gcc-c++-7.3.1-14.amzn2.aarch64.rpm
Amazon Linux2aarch64libstdc++< 7.3.1-14.amzn2libstdc++-7.3.1-14.amzn2.aarch64.rpm
Amazon Linux2aarch64libstdc++-docs< 7.3.1-14.amzn2libstdc++-docs-7.3.1-14.amzn2.aarch64.rpm
Amazon Linux2aarch64gcc-objc< 7.3.1-14.amzn2gcc-objc-7.3.1-14.amzn2.aarch64.rpm
Amazon Linux2aarch64gcc-objc++< 7.3.1-14.amzn2gcc-objc++-7.3.1-14.amzn2.aarch64.rpm
Amazon Linux2aarch64libobjc< 7.3.1-14.amzn2libobjc-7.3.1-14.amzn2.aarch64.rpm
Amazon Linux2aarch64gcc-gfortran< 7.3.1-14.amzn2gcc-gfortran-7.3.1-14.amzn2.aarch64.rpm
Amazon Linux2aarch64libgfortran< 7.3.1-14.amzn2libgfortran-7.3.1-14.amzn2.aarch64.rpm
Rows per page:
1-10 of 1191

Related

oraclelinux 12
nessus 90
veracode 1
osv 22
githubexploit 4
redhat 24
openvas 8
rocky 7
centos 1
fedora 3
atlassian 11
almalinux 8
debiancve 1
mageia 1
alpinelinux 1
ubuntucve 1
cve 1
f5 1
prion 1
photon 1
oraclelinux
oraclelinux
binutils security update
2021-11-18 00:00:00
gcc security update
2021-11-18 00:00:00
gcc-toolset-11-binutils security update
2021-11-18 00:00:00
nessus
nessus
Rocky Linux 8 : gcc-toolset-11-binutils (RLSA-2021:4594)
2023-11-06 00:00:00
RHEL 7 : rust-toolset-1.54-rust (RHSA-2021:4694)
2021-11-17 00:00:00
CentOS 8 : gcc (CESA-2021:4587)
2021-11-13 00:00:00
veracode
veracode
Denial Of Service (DoS)
2021-11-05 01:37:30
osv
osv
Moderate: gcc-toolset-11-binutils security update
2021-11-10 08:40:25
Moderate: gcc-toolset-10-annobin security update
2021-11-10 08:39:32
Moderate: gcc security update
2021-11-10 08:34:56
githubexploit
githubexploit
Exploit for Code Injection in Unicode
2021-11-01 13:05:48
Exploit for Code Injection in Unicode
2023-01-31 18:15:00
Exploit for Code Injection in Unicode
2021-12-11 07:23:17
redhat
redhat
(RHSA-2021:4602) Moderate: binutils security update
2021-11-10 08:58:55
(RHSA-2021:4601) Moderate: binutils security update
2021-11-10 08:55:41
(RHSA-2021:4600) Moderate: annobin security update
2021-11-10 08:54:53
openvas
openvas
Fedora: Security Advisory for rust (FEDORA-2021-0578e23912)
2021-11-06 00:00:00
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2022-1603)
2022-05-05 00:00:00
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2022-1262)
2022-03-02 00:00:00
rocky
rocky
binutils security update
2021-11-10 08:41:52
gcc-toolset-11-binutils security update
2021-11-10 08:40:25
rust-toolset:rhel8 security update
2021-11-10 08:37:57
centos
centos
binutils security update
2021-11-17 15:07:33
fedora
fedora
[SECURITY] Fedora 34 Update: rust-1.56.1-1.fc34
2021-11-04 01:34:43
[SECURITY] Fedora 35 Update: rust-1.56.1-1.fc35
2021-11-05 01:08:45
[SECURITY] Fedora 33 Update: rust-1.56.1-1.fc33
2021-11-11 01:22:52
atlassian
atlassian
Unicode characters allow malicious code to be hidden from a human reviewer (Jira Server) - CVE-2021-42574
2021-11-01 21:59:47
Unicode characters allow malicious code to be hidden from a human reviewer (JSM Server & Insight asset management App) - CVE-2021-42574
2021-11-01 22:27:17
Unicode characters allow malicious code to be hidden from a human reviewer (Bamboo) - CVE-2021-42574
2021-11-02 23:00:07
almalinux
almalinux
Moderate: gcc security update
2021-11-10 08:34:56
Moderate: rust-toolset:rhel8 security update
2021-11-10 08:37:57
Moderate: annobin security update
2021-11-10 08:39:41
debiancve
debiancve
CVE-2021-42574
2021-11-01 04:15:00
mageia
mageia
Updated rust packages fix security vulnerability
2021-11-20 22:31:06
alpinelinux
alpinelinux
CVE-2021-42574
2021-11-01 04:15:00
ubuntucve
ubuntucve
CVE-2021-42574
2021-11-01 00:00:00
cve
cve
CVE-2021-42574
2021-11-01 04:15:00
f5
f5
K74013101 : Binutils vulnerability CVE-2021-42574
2022-02-01 00:00:00
prion
prion
Design/Logic Flaw
2021-11-01 04:15:00
photon
photon
Critical Photon OS Security Update - PHSA-2021-0122
2021-11-01 00:00:00

8.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

64.1%

JSON
Related for ALAS2-2022-1784
oraclelinux12nessus90veracode1osv22githubexploit4redhat24openvas8rocky7centos1fedora3atlassian11almalinux8debiancve1mageia1alpinelinux1ubuntucve1cve1f51prion1photon1