Comments 1
CVE-2022-21658 from Rust somehow got left out: https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html
It was, of course, hastily fixed (in Rust std), but similar vulnerabilities remain in C++, and nobody cares about that at all.
Yes, all three libstdc++, libc++ and MS STL have the same vulnerability. And it's not just a question of implementation: <filesystem> specification is long known to be prone to TOCTOU problems, since it uses paths to refer to files. There were proposals to introduce TOCTOU-safe interface (P1031 and P1883) but these did not progress for some time.
https://www.reddit.com/r/rust/comments/s8h1kr/security_advisory_for_the_standard_library/htg6z6j/
Top 10 most interesting CVEs of January 2022