CVE-2022-21658

🗓️ 20 Jan 2022 14:36:34Reported by redhat.comType

A race condition flaw in Rust's std::fs::remove_dir_all function may allow unprivileged attackers to trick the application into deleting files and directories, impacting system data integrity

Reporter	Title	Published	Views	Family All 175
Tenable Nessus	Amazon Linux 2 : rust (ALAS-2022-1817)	15 Jul 202200:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0217: rust-toolset:rhel8 (ALINUX3-SA-2022:0217)	14 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 8 : rust-toolset:rhel8 (ALSA-2022:1894)	13 May 202200:00	–	nessus
Tenable Nessus	Apple iOS < 15.4 Multiple Vulnerabilities (HT213182)	16 Mar 202200:00	–	nessus
Tenable Nessus	CentOS 8 : rust-toolset:rhel8 (CESA-2022:1894)	10 May 202200:00	–	nessus
Tenable Nessus	Fedora 36 : rust-afterburn / rust-askalono-cli / rust-below / rust-cargo-c / etc (2022-ea721afd66)	14 Nov 202400:00	–	nessus
Tenable Nessus	FreeBSD : Rust -- Race condition enabling symlink following (ee26f513-826e-11ec-8be6-d4c9ef517024)	31 Jan 202200:00	–	nessus
Tenable Nessus	GLSA-202210-09 : Rust: Multiple Vulnerabilities	16 Oct 202200:00	–	nessus
Tenable Nessus	MiracleLinux 8 : rust-toolset:rhel8 (AXSA:2022-3550:02)	20 Jan 202600:00	–	nessus
Tenable Nessus	openSUSE 15 Security Update : rust1.56 (openSUSE-SU-2022:0149-1)	22 Jan 202200:00	–	nessus

Source	Link
cve	www.cve.org/CVERecord
nvd	www.nvd.nist.gov/vuln/detail/CVE-2022-21658
github	www.github.com/rust-lang/rust/security/advisories/GHSA-r9cc-f5pr-p3j2
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

26 Mar 2024 00:57Current

2.5Low risk

Vulners AI Score2.5

CVSS 23.3

CVSS 3.15.3 - 7.3

EPSS0.01376

SSVC