[Issue 22465] New: Unicode Trojan Source Vulnerability
d-bugmail at puremagic.com
d-bugmail at puremagic.com
Mon Nov 1 18:20:11 UTC 2021
https://issues.dlang.org/show_bug.cgi?id=22465
Issue ID: 22465
Summary: Unicode Trojan Source Vulnerability
Product: D
Version: D2
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: P1
Component: dmd
Assignee: nobody at puremagic.com
Reporter: bugzilla at digitalmars.com
Source code can be maliciously encoded with Unicode characters in comments,
string literals, and character literals so source code can be different than
what it visually appears to be.
As documented:
https://krebsonsecurity.com/2021/11/trojan-source-bug-threatens-the-security-of-all-code/
https://www.trojansource.codes/trojan-source.pdf
https://news.ycombinator.com/item?id=29062982
--
More information about the Digitalmars-d-bugs
mailing list