FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Rust -- Race condition enabling symlink following

Affected packages
rust < 1.58.1
rust-nightly <


VuXML ID ee26f513-826e-11ec-8be6-d4c9ef517024
Discovery 2022-01-20
Entry 2022-01-31
Modified 2022-02-03

The Rust Security Response WG was notified that the std::fs::remove_dir_all standard library function is vulnerable to a race condition enabling symlink following (CWE-363). An attacker could use this security issue to trick a privileged program into deleting files and directories the attacker couldn't otherwise access or delete.


CVE Name CVE-2022-21658