Unicode Unicode


By the Year

In 2021 there have been 2 vulnerabilities in Unicode with an average score of 8.3 out of ten. Unicode did not have any published security vulnerabilities last year. That is, 2 more vulnerabilities have already been reported in 2021 as compared to last year.

Year Vulnerabilities Average Score
2021 2 8.30
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Unicode vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Unicode Security Vulnerabilities

An issue was discovered in the character definitions of the Unicode Specification through 14.0

CVE-2021-42694 8.3 - High - November 01, 2021

An issue was discovered in the character definitions of the Unicode Specification through 14.0. The specification allows an adversary to produce source code identifiers such as function names using homoglyphs that render visually identical to a target identifier. Adversaries can leverage this to inject code via adversarial identifier definitions in upstream software dependencies invoked deceptively in downstream software.

Code Injection

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0

CVE-2021-42574 8.3 - High - November 01, 2021

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.

Code Injection
