CVE-2022-21658
Public on 2022-01-20
Modified on 2022-06-30
Description
A race condition flaw was found in Rust's std::fs::remove_dir_all function. Rust applications that use this function may be vulnerable to a race condition where an unprivileged attacker can trick the application into deleting files and directories, causing an impact on system data integrity. If the application is privileged, an attacker can possibly delete files they would not usually have access to.
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Core | rust | 2022-07-06 | ALAS2-2022-1817 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 5.3 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N |
| NVD | CVSSv2 | 3.3 | AV:L/AC:M/Au:N/C:N/I:P/A:P |
| NVD | CVSSv3 | 7.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H |