CVE STALKER

CVE-2022-21658

CVSS
DESCRIPTION

Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the `std::fs::remove_dir_all` standard library function is vulnerable to a race condition enabling symlink following (CWE-363). An attacker could use this security issue to trick a privileged program into deleting files and directories the attacker couldn't otherwise access or delete. Rust 1.0.0 through Rust 1.58.0 is affected by this vulnerability, with 1.58.1 containing a patch. Note that the following build targets don't have usable APIs to properly mitigate the attack, and are thus still vulnerable even with a patched toolchain: macOS before version 10.10 (Yosemite) and REDOX. We recommend that everyone update to Rust 1.58.1 as soon as possible, especially people developing programs expected to run in privileged contexts (including system daemons and setuid binaries), as those have the highest risk of being affected by this. Note that adding checks in your codebase before calling `remove_dir_all` will not mitigate the vulnerability, as they would also be vulnerable to race conditions like `remove_dir_all` itself. The existing mitigation is working as intended outside of race conditions.

HEAT SCORE 334

TWEETS

DATE TWEETS USER
2022-03-25 15:23:57 🚨 NEW: CVE-2022-21658 🚨 Rust is a multi-paradigm, general-purpose programming language designed for performance and… https://t.co/iMxTZk5tov https://twitter.com/i/web/status/1507375065037475840 threatintelctr
2022-02-14 12:50:21 🚨 NEW: CVE-2022-21658 🚨 Rust is a multi-paradigm, general-purpose programming language designed for performance and… https://t.co/ZjdOT5LRzV https://twitter.com/i/web/status/1493204179812294656 threatintelctr
2022-02-09 04:50:23 🚨 NEW: CVE-2022-21658 🚨 Rust is a multi-paradigm, general-purpose programming language designed for performance and… https://t.co/4FGM1ifUNK https://twitter.com/i/web/status/1491271449751035904 threatintelctr
2022-02-06 10:40:05 CVE-2022-21658 The Rust Security Response WG was notified that the std::fs::remove_dir_all standard library functi… https://t.co/fNYMP29zl7 https://twitter.com/i/web/status/1490271895337508867 VulmonFeeds
2022-01-31 20:30:53 New post from https://t.co/9KYxtdZjkl (CVE-2022-21658 (fedora, rust)) has been published on https://t.co/QXBGspz6Ew http://www.sesin.at https://www.sesin.at/2022/01/31/cve-2022-21658-fedora-rust/ www_sesin_at
2022-01-31 20:20:34 New post from https://t.co/uXvPWJy6tj (CVE-2022-21658 (fedora, rust)) has been published on https://t.co/biu8a2RYNg http://www.sesin.at https://www.sesin.at/2022/01/31/cve-2022-21658-fedora-rust/ WolfgangSesin
2022-01-31 18:20:24 🚨 NEW: CVE-2022-21658 🚨 Rust is a multi-paradigm, general-purpose programming language designed for performance and… https://t.co/Ah0TbLwOd2 https://twitter.com/i/web/status/1488213795688304648 threatintelctr
2022-01-30 17:50:33 #Rust #Automated | Security advisory for the standard library (CVE-2022-21658) https://t.co/XhJzHaYVpH https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html hasdid
2022-01-26 22:52:16 #SANSNewsBites #CyberSecurity #Automated | Security advisory for the standard library (CVE-2022-21658) https://t.co/XhJzHaYVpH https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html hasdid
2022-01-26 18:14:30 [Security] Rebuild on Rust >= 1.58.1 to address CVE-2022-21658 https://t.co/YLHkyyX8PQ #github #Rust #Shell #Nix #Dockerfile #Makefile https://github.com/wasmCloud/wash/issues/231 first_issues
2022-01-26 11:53:12 "RT @TheHackersNews: A new high-severity #vulnerability (CVE-2022-21658) in #Rust programming could allow an attack… https://t.co/DJ8JjYgHt2 https://twitter.com/i/web/status/1486303612867334145 trip_elix
2022-01-25 11:00:12 Rust patches security vulnerability that allows files and directories to be deleted https://t.co/rl7bZrlUuf The well-known programming language Rust last week patched CVE-2022-21658, a security vulnerability that lets attackers delete files and directories, and all users are advised to upgrade to Rust 1.58.1… https://t.co/sEaHYnSTAp https://www.ithome.com.tw/news/149063 https://twitter.com/i/web/status/1485926962749382657 M157q_News_RSS
2022-01-25 03:50:15 🚨 NEW: CVE-2022-21658 🚨 Rust is a multi-paradigm, general-purpose programming language designed for performance and… https://t.co/pA8fNcuiy5 https://twitter.com/i/web/status/1485820525729521666 threatintelctr
2022-01-25 02:40:19 The maintainers of #Rust have released a #security update for a high-severity #vulnerability (CVE-2022-21658).… https://t.co/ZWWmf1UNmN https://twitter.com/i/web/status/1485800350594613249 twelvesec
2022-01-24 20:00:07 A new high-severity #vulnerability (CVE-2022-21658) in #Rust programming could allow an attacker to trick a privile… https://t.co/TyIFJLES3I https://twitter.com/i/web/status/1485703450222637067 YourAnonRiots
2022-01-24 18:30:33 A new high-severity vulnerability (CVE-2022-21658) in Rust programming could allow an attacker to trick a privilege… https://t.co/a6YP0JtPsU https://twitter.com/i/web/status/1485675195687911426 ksg93rd
2022-01-24 14:31:01 ⚠️ A new high-severity vulnerability (CVE-2022-21658) in the Rust programming language could allow… https://t.co/xM0nBq62CE https://twitter.com/i/web/status/1485612326199992325 jpcarsi
2022-01-24 14:20:56 Top 3 trending CVEs on Twitter Past 24 hrs: CVE-2022-21658: 1.2M (audience size) CVE-2022-0185: 236.1K CVE-2022-23… https://t.co/CZKO33SlCO https://twitter.com/i/web/status/1485613365775028228 CVEtrends
2022-01-24 12:20:13 Rust: Security advisory for the standard library (CVE-2022-21658) #cybersecurity https://t.co/eM0Cp426mt https://buff.ly/351pRmk CybSec4
2022-01-24 11:20:09 A new high-severity #vulnerability (CVE-2022-21658) in #Rust programming could allow an attacker to trick a privile… https://t.co/4quwTQG6rf https://twitter.com/i/web/status/1485571581363429376 security_wang
2022-01-24 09:20:09 A new high-severity #vulnerability (CVE-2022-21658) in #Rust programming could allow an attacker to trick a privile… https://t.co/1gR65sd4iI https://twitter.com/i/web/status/1485541382307549185 Swati_THN
2022-01-24 08:40:15 "CVE-2022-21658 (CVSS score: 7.3)," ohhara_shiojiri
2022-01-24 08:40:08 A new high-severity #vulnerability (CVE-2022-21658) in #Rust programming could allow an attacker to trick a privile… https://t.co/B2iX2MGBHn https://twitter.com/i/web/status/1485532673657679875 beingsheerazali
2022-01-24 08:22:59 A new high-severity #vulnerability (CVE-2022-21658) in #Rust programming could allow an attacker to trick a privile… https://t.co/nWDsTXOMQK https://twitter.com/i/web/status/1485526282792161281 unix_root
2022-01-24 08:22:43 Security advisory for the standard library (CVE-2022-21658) https://t.co/hPkdV3a2CL #cybersecurity #infosec… https://t.co/zvBKRXBfQJ https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html https://twitter.com/i/web/status/1485526343836213254 PentestingN
2022-01-24 07:51:20 A new high-severity #vulnerability (CVE-2022-21658) in #Rust programming could allow an attacker to trick a privile… https://t.co/DqKSoemdjB https://twitter.com/i/web/status/1485518114783588353 maqdamyasir
2022-01-24 07:11:08 Severe vulnerability (CVE-2022-21658) in Rust programming could allow an attacker to trick a progra… https://t.co/iUrnP8mewF https://twitter.com/i/web/status/1485508757530501125 Mr__TechX
2022-01-24 07:10:54 A new high-severity #vulnerability (CVE-2022-21658) in Rust programming could allow an attacker to trick a privileg… https://t.co/WBO8Tj9gSF https://twitter.com/i/web/status/1485509025949122560 Hackeramod
2022-01-24 07:01:02 A new high-severity #vulnerability (CVE-2022-21658) in #Rust programming could allow an attacker to trick a privile… https://t.co/2n9J25Emxl https://twitter.com/i/web/status/1485506113630277636 TheHackersNews
2022-01-24 07:00:20 "A new high-severity #vulnerability (CVE-2022-21658) in #Rust programming could allow an attacker to trick a privil… https://t.co/tF4ZoGMgLV https://twitter.com/i/web/status/1485507101841629189 trip_elix
2022-01-24 02:40:58 Race condition in the Rust standard library (CVE-2022-21658): Posted by Pietro Albini on Jan 20 The Rust Security Re… https://t.co/I8q273Evbp https://twitter.com/i/web/status/1485439730883850241 oss_security
2022-01-23 17:20:05 Rust update 1.58.1 patches CVE-2022-21658 where an attacker could exploit a privileged program into deleting files… https://t.co/Mtu9X14t3x https://twitter.com/i/web/status/1485299790388862988 CarpeDiemT3ch
2022-01-23 11:00:23 Security advisory for the standard library (CVE-2022-21658) | Rust Blog https://t.co/2sJ1LZeGzm https://ift.tt/3tFhLKx magiauk
2022-01-23 06:10:34 Rust – Security advisory for the standard library (CVE-2022-21658) https://t.co/4KNSgz7qIF https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html angsuman
2022-01-23 00:50:05 @DanielMicay It's CVE-2022-21658 https://t.co/z3O7hL8aX2 https://twitter.com/rustlang/status/1484121358263070725 bascule
2022-01-22 23:10:17 CVE-2022-21658 https://t.co/9T4knLMFCy #HarsiaInfo https://har-sia.info/CVE-2022-21658.html Har_sia
2022-01-22 10:30:25 Rust in Portage used to go stable slowly, two versions behind, but because of CVE-2022-21658, 1.58.1 suddenly went stable and everything else got masked, lol xecual
2022-01-22 08:40:09 This is the response to CVE-2022-21658. https://t.co/v98T1j8YMo https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html utam0k
2022-01-22 04:14:29 Security advisory for the standard library (CVE-2022-21658) https://t.co/fQyWzbl7gt Discussions:… https://t.co/6rfAv8oAv5 https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html https://twitter.com/i/web/status/1484606619912654857 RustDiscussions
2022-01-22 03:23:59 Security advisory for the standard library (CVE-2022-21658) https://t.co/fQyWzbl7gt Discussions:… https://t.co/6rfAv8oAv5 https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html https://twitter.com/i/web/status/1484606619912654857 RustDiscussions
2022-01-22 02:00:43 #RustNews #Rust #Automated | Security advisory for the standard library (CVE-2022-21658) https://t.co/XhJzHaYVpH https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html hasdid
2022-01-21 23:22:46 🤔 Security advisory - privilege escalation in the @rustlang standard library (CVE-2022-21658) | Rust Blog… https://t.co/1q95bCSzIF https://twitter.com/i/web/status/1484662803428372481 markcartertm
2022-01-21 16:07:29 PoC for CVE-2022-21658. Not useful in any way though. https://t.co/jDbgs87roq https://github.com/sagittarius-a/cve-2022-21658 Cyber_serker
2022-01-21 15:51:13 Security advisory for the standard library (CVE-2022-21658) | Rust Blog https://t.co/3NN1HzaEBG https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html rhpav7
2022-01-21 15:11:42 CVE-2022-21658 https://t.co/9T4knLMFCy #HarsiaInfo https://har-sia.info/CVE-2022-21658.html Har_sia
2022-01-21 15:00:46 Suggested Read: Security advisory for the standard library (CVE-2022-21658) | Rust Blog https://t.co/ucGUIigpCY #devopsish https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html ChrisShort
2022-01-21 14:52:48 Fix for CVE-2022-21658. Run rustup update stable right now https://t.co/Y4SSSOJpeH https://blog.rust-lang.org/2022/01/20/Rust-1.58.1.html Linda_pp
2022-01-21 14:40:59 Security advisory for the standard Rust library (CVE-2022-21658) "An attacker could use this security issue to tri… https://t.co/w3Jvt9ma4f https://twitter.com/i/web/status/1484534642019651584 campuscodi
2022-01-21 08:32:04 Rust 1.58.1 is hot off the press and it fixes CVE-2022-21658: https://t.co/QCReWhE1qJ https://blog.rust-lang.org/2022/01/20/Rust-1.58.1.html bearstech
2022-01-21 04:21:39 A CVE in the Stl qq | Security advisory for the standard library (CVE-2022-21658) | Rust Blog https://t.co/mMLAF1xjW9 https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html welkineins
2022-01-20 23:34:13 "Security advisory for the standard library (CVE-2022-21658)" by @rustlang - Rust 1.58.1 update fixes privilege-esc… https://t.co/SmXld3Y61X https://twitter.com/i/web/status/1484305566872731648 KO6YQ
2022-01-20 23:30:29 "Race condition in the Rust standard library (CVE-2022-21658)" / https://t.co/dWlb5DSYZz https://www.openwall.com/lists/oss-security/2022/01/20/1 grauwoelfchen
2022-01-20 22:22:58 Hi, I'm CVE-2022-21658. I was never good with numbers though, so you can call me Bounded Foxhound https://t.co/DcWFh2v2on https://nvd.nist.gov/vuln/detail/CVE-2022-21658 vulnonym
2022-01-20 22:02:43 We just released Rust 1.58.1, containing the fix for CVE-2022-21658 (race condition in std::fs::remove_dir_all) plu… https://t.co/ETOaGGKp3b https://twitter.com/i/web/status/1484282263122677765 rustlang
2022-01-20 20:41:09 Security advisory for the Rust standard library (CVE-2022-21658) https://t.co/DUtRA0jsUT https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html jedisct1
2022-01-20 20:10:19 Security advisory for the standard library (CVE-2022-21658) https://t.co/n2asNnV6F3 by @rustlang https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html RustLibHunt
2022-01-20 19:44:35 New post from https://t.co/uXvPWJy6tj (CVE-2022-21658) has been published on https://t.co/FZFRnFYMKR http://www.sesin.at https://www.sesin.at/2022/01/20/cve-2022-21658/ WolfgangSesin
2022-01-20 19:43:39 New post from https://t.co/9KYxtdZjkl (CVE-2022-21658) has been published on https://t.co/o81mJuYjIY http://www.sesin.at https://www.sesin.at/2022/01/20/cve-2022-21658/ www_sesin_at
2022-01-20 19:40:14 A vulnerability (CVE-2022-21658) has been identified in the Rust standard library, related to a race condition in the function s… https://t.co/bLR0h2StCm https://twitter.com/i/web/status/1484248943546535939 ProHoster_info
2022-01-20 18:51:02 🚨 NEW: CVE-2022-21658 🚨 Rust is a multi-paradigm, general-purpose programming language designed for performance and… https://t.co/A0bQKH89Oa https://twitter.com/i/web/status/1484235083808751620 threatintelctr
2022-01-20 18:50:30 CVE-2022-21658 Rust is a multi-paradigm, general-purpose programming language designed for performance and safety,… https://t.co/Jy4P2kl8bc https://twitter.com/i/web/status/1484235565432287239 CVEnew
2022-01-20 17:40:16 CVE-2022-21658 : Rust is a multi-paradigm, general-purpose programming language designed for performance and safety… https://t.co/bCRIoOXJ2t https://twitter.com/i/web/status/1484219149182189573 CVEreport
2022-01-20 16:30:26 Security advisory for the standard library (CVE-2022-21658) https://t.co/TO6uJV9HnD https://bit.ly/3IdRMxQ kuhn_on_kash
2022-01-20 15:30:47 Security advisory for the standard library (CVE-2022-21658) https://t.co/7ioLqZGwco #rust #security https://t.co/usOitPZO82 https://lobste.rs/s/s5zcc1 https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html lobsters
2022-01-20 13:50:24 Security advisory for the standard library (CVE-2022-21658) | Rust Blog https://t.co/UiYSAwGFnf TOCTOU, huh…… https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html lo48576
2022-01-20 13:00:25 The Rust Programming Language Blog: Security advisory for the standard library (CVE-2022-21658) https://t.co/f9CzRitAK8 https://ift.tt/3tFhLKx planetmozilla
2022-01-20 12:32:28 Security advisory for the standard library (CVE-2022-21658) https://t.co/1p1qwPnCsd https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html diffblog
2022-01-20 12:20:32 CVE-2022-21658 The Rust Security Response WG was notified that the std::fs::remove_dir_all standard library functi… https://t.co/QQvGFdIgI5 https://twitter.com/i/web/status/1484137648201637891 VulmonFeeds
2022-01-20 12:01:05 I learned for the first time that there is a function called std::fs::remove_dir_all. Security advisory for the standard library (CVE-2022-21658) https://t.co/dy7gb2vWPH https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html Naoki_Rin
2022-01-20 11:22:44 The std::fs::remove_dir_all function in the Rust standard library is vulnerable to a race condition (CVE-2022-21658… https://t.co/aGNaaT6KXL https://twitter.com/i/web/status/1484121358263070725 rustlang