阿里云漏洞库

Rust是Mozilla基金会的一款通用、编译型编程语言。

Rust 中存在竞争条件问题漏洞，该漏洞源于产品的'std:: fs:: remove_dir_all'函数未对用户权限进行有效验证。攻击者可通过该漏洞删除不能访问的文件和目录。

受影响系统：Rust 1.0.0 - 1.58.0 版本

目前厂商已发布升级补丁以修复漏洞，补丁获取链接：

https://github.com/rust-lang/rust/security/advisories/GHSA-r9cc-f5pr-p3j2

参考链接
https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html
https://github.com/rust-lang/rust/pull/93110
https://github.com/rust-lang/rust/pull/93110/commits/32ed6e599bb4722efefd78bb...
https://github.com/rust-lang/rust/pull/93110/commits/406cc071d6cfdfdb678bf3d8...
https://github.com/rust-lang/rust/pull/93110/commits/4f0ad1c92ca08da6e8dc1783...
https://github.com/rust-lang/rust/security/advisories/GHSA-r9cc-f5pr-p3j2
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://security.gentoo.org/glsa/202210-09
https://support.apple.com/kb/HT213182
https://support.apple.com/kb/HT213183
https://support.apple.com/kb/HT213186
https://support.apple.com/kb/HT213193

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	rust-lang	rust	*	From (including) 1.0.0	Up to (including) 1.58.0
	运行在以下环境
	系统	amazon_2	rust	*		Up to (excluding) 1.61.0-2.amzn2.0.1
	运行在以下环境
	系统	debian_12	rustc	*		Up to (excluding) 1.57.0+dfsg1-1
	运行在以下环境
	系统	fedora_34	rls	*		Up to (excluding) 1.58.1-1.fc34
	运行在以下环境
	系统	fedora_35	rls	*		Up to (excluding) 1.58.1-1.fc35
	运行在以下环境
	系统	fedora_36	afterburn	*		Up to (excluding) 5.2.0-3.fc36
	运行在以下环境
	系统	fedora_EPEL_7	llvm13	*		Up to (excluding) 13.0.1-1.el7
	运行在以下环境
	系统	opensuse_Leap_15.3	rust	*		Up to (excluding) 1.58.0-150300.7.3.1
	运行在以下环境
	系统	opensuse_Leap_15.4	rust	*		Up to (excluding) 1.59.0-150300.21.20.1
	运行在以下环境
	系统	ubuntu_20.04	rustc	*		Up to (excluding) 1.59.0+dfsg1~ubuntu1~llvm-1~ubuntu1~20.04.2