Trojan Source

Trojan Source
CVE identifier(s)	CVE-2021-42574; CVE-2021-42694;
Date discovered	September 9, 2021
Discoverer	Nicholas Boucher, Ross Anderson
Affected software	Unicode, source code
Website	trojansource.codes

Trojan Source is a software vulnerability that abuses Unicode's bidirectional characters to display source code differently than the actual execution of the source code.^[1] The exploit utilizes how writing scripts of different reading directions are displayed and encoded on computers. It was discovered by Nicholas Boucher and Ross Anderson at Cambridge University in late 2021.^[2]

^ "'Trojan Source' Bug Threatens the Security of All Code – Krebs on Security". November 2021. Archived from the original on 2022-01-14. Retrieved 2022-01-17.
^ "VU#999008 - Compilers permit Unicode control and homoglyph characters". www.kb.cert.org. Archived from the original on 2022-01-21. Retrieved 2022-01-17.

[krebs-1] "'Trojan Source' Bug Threatens the Security of All Code – Krebs on Security". November 2021. Archived from the original on 2022-01-14. Retrieved 2022-01-17.

[certcc-2] "VU#999008 - Compilers permit Unicode control and homoglyph characters". www.kb.cert.org. Archived from the original on 2022-01-21. Retrieved 2022-01-17.

[1]

[2]

CVE identifier(s)	CVE-2021-42574 CVE-2021-42694
Date discovered	September 9, 2021; 3 years ago (2021-09-09)
Discoverer	Nicholas Boucher, Ross Anderson
Affected software	Unicode, source code
Website	trojansource.codes