ALAS2023-2023-030 --- gccID: oval:org.secpod.oval:def:19500096 | Date: (C)2023-06-12 (M)2024-06-13 |
Class: PATCH | Family: unix |
A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The special handling and rendering of those characters can be then used in an attempt to hide unexpected and potentially dangerous behaviour from the reviewer
Platform: |
Amazon Linux 2023 |
Product: |
gcc |
libasan |
libtsan |
libgcc |
libitm |
cpp |
libgfortran |
libstdc++ |
liblsan |
libatomic |
libgomp |
libubsan |
libquadmath |