Unicode 14.0Âбþ³«È¯¥Ä¡¼¥ë¡¢°Õ¿Þ¤»¤ÌÆ°ºîµ¯¤³¤¹ÀȼåÀ
JPCERT¥³¡¼¥Ç¥£¥Í¡¼¥·¥ç¥ó¥»¥ó¥¿¡¼¡ÊJPCERT/CC: Japan Computer Emergency Response Team Coordination Center¡Ë¤Ï11·î10Æü¡¢¡ÖJVNVU#98850865: Unicode¤òºÎÍѤ¹¤ë¥³¥ó¥Ñ¥¤¥é¤ËÁÐÊý¸þ¥Æ¥¥¹¥ÈÀ©¸æʸ»ú¤ª¤è¤Ó¥Û¥â¥°¥ê¥Õʸ»ú¤Î°Õ¿Þ¤·¤Ê¤¤À©¸æ¤ò²Äǽ¤Ë¤¹¤ëÀȼåÀ¡×¤Ë¤ª¤¤¤Æ¡¢14.0¤Þ¤Ç¤ÎUnicode»ÅÍͤòºÎÍѤ¹¤ë¥³¥ó¥Ñ¥¤¥é¡¢¥¤¥ó¥¿¥×¥ê¥¿¡¢¤ª¤è¤Ó¤½¤Î¤Û¤«¤Î³«È¯¥Ä¡¼¥ë¤Ê¤É¤ËÀȼåÀ¤¬Â¸ºß¤¹¤ë¤ÈÅÁ¤¨¤¿¡£¤³¤ÎÀȼåÀ¤ò°ÍѤµ¤ì¤ë¤È¡¢¹¶·â¼Ô¤Ë¤è¤Ã¤Æ°Õ¿Þ¤·¤Ê¤¤À©¸æ¤ò¤µ¤»¤é¤ì¤ë´í¸±À¤¬¤¢¤ë¡£
ÀȼåÀ¤Ë´Ø¤¹¤ë¾ðÊó¤Ï¼¡¤Î¥Ú¡¼¥¸¤Ë¤Þ¤È¤Þ¤Ã¤Æ¤¤¤ë¡£
VU#999008 - Compilers permit Unicode control and homoglyph characters
Trojan Source Attacks
JVNVU#98850865: Unicode¤òºÎÍѤ¹¤ë¥³¥ó¥Ñ¥¤¥é¤ËÁÐÊý¸þ¥Æ¥¥¹¥ÈÀ©¸æʸ»ú¤ª¤è¤Ó¥Û¥â¥°¥ê¥Õʸ»ú¤Î°Õ¿Þ¤·¤Ê¤¤À©¸æ¤ò²Äǽ¤Ë¤¹¤ëÀȼåÀ
ÀȼåÀ¤Î±Æ¶Á¤ò¼õ¤±¤ë¥Ä¡¼¥ë¤Ç¤Ï¡¢ÁÐÊý¸þ¥Æ¥¥¹¥ÈÀ©¸æʸ»ú¤ª¤è¤Ó¥Û¥â¥°¥ê¥Õʸ»ú¤Î°Õ¿Þ¤·¤Ê¤¤À©¸æ¤¬²Äǽ¤Ë¤Ê¤Ã¤Æ¤¤¤ë¤È¤µ¤ì¤Æ¤ª¤ê¡¢¤³¤ÎÀȼåÀ¤ò°ÍѤµ¤ì¤ë¤È¹¶·â¼Ô¤Ë¤è¤Ã¤Æ»ë³ÐŪ¤Ë³Îǧ¤Ç¤¤Ê¤¤¥³¡¼¥É¤òÁÞÆþ¤µ¤ì¡¢°Õ¿Þ¤»¤ÌÆ°ºî¤¬È¯À¸¤¹¤ë²ÄǽÀ¤¬¤¢¤ë¤È¤µ¤ì¤Æ¤¤¤ë¡£
¤³¤ÎÀȼåÀ¤Îȯ¸«¼Ô¤Ï¥³¥ó¥Ñ¥¤¥é¤Ê¤É¤Î³«È¯¼Ô¤ËÂФ·¤Æ¡¢¸À¸ì»ÅÍͤǤÎÁÐÊý¸þ¥Æ¥¥¹¥ÈÀ©¸æʸ»ú¤Î¶Ø»ß¡¢¥³¥ó¥Ñ¥¤¥é¡¦¥¤¥ó¥¿¥×¥ê¥¿¡¦¥Ó¥ë¥É¥Ñ¥¤¥×¥é¥¤¥ó¤Ç¤ÎÁÐÊý¸þ¥Æ¥¥¹¥ÈÀ©¸æʸ»ú¤ª¤è¤Ó¥Û¥â¥°¥ê¥Õʸ»ú¤Ë¤Ä¤¤¤Æ¥¨¥é¡¼¤ä·Ù¹ð¤Îɽ¼¨¡¢¥³¡¼¥É¥¨¥Ç¥£¥¿¤È¥ê¥Ý¥¸¥È¥ê¥Õ¥í¥ó¥È¥¨¥ó¥É¤Ç¤ÎÁÐÊý¸þ¥Æ¥¥¹¥ÈÀ©¸æʸ»ú¤ª¤è¤Ó¥Û¥â¥°¥ê¥Õʸ»ú¤Ë¤Ä¤¤¤Æ¤Î»ë³ÐŪ¤Êµ¹æ¤ä·Ù¹ð¤Îɽ¼¨¤ò¸Æ¤Ó¤«¤±¤Æ¤¤¤ë¡£
VU#999008 - Compilers permit Unicode control and homoglyph characters
Trojan Source Attacks
ÀȼåÀ¤Î±Æ¶Á¤ò¼õ¤±¤ë¥Ä¡¼¥ë¤Ç¤Ï¡¢ÁÐÊý¸þ¥Æ¥¥¹¥ÈÀ©¸æʸ»ú¤ª¤è¤Ó¥Û¥â¥°¥ê¥Õʸ»ú¤Î°Õ¿Þ¤·¤Ê¤¤À©¸æ¤¬²Äǽ¤Ë¤Ê¤Ã¤Æ¤¤¤ë¤È¤µ¤ì¤Æ¤ª¤ê¡¢¤³¤ÎÀȼåÀ¤ò°ÍѤµ¤ì¤ë¤È¹¶·â¼Ô¤Ë¤è¤Ã¤Æ»ë³ÐŪ¤Ë³Îǧ¤Ç¤¤Ê¤¤¥³¡¼¥É¤òÁÞÆþ¤µ¤ì¡¢°Õ¿Þ¤»¤ÌÆ°ºî¤¬È¯À¸¤¹¤ë²ÄǽÀ¤¬¤¢¤ë¤È¤µ¤ì¤Æ¤¤¤ë¡£
¤³¤ÎÀȼåÀ¤Îȯ¸«¼Ô¤Ï¥³¥ó¥Ñ¥¤¥é¤Ê¤É¤Î³«È¯¼Ô¤ËÂФ·¤Æ¡¢¸À¸ì»ÅÍͤǤÎÁÐÊý¸þ¥Æ¥¥¹¥ÈÀ©¸æʸ»ú¤Î¶Ø»ß¡¢¥³¥ó¥Ñ¥¤¥é¡¦¥¤¥ó¥¿¥×¥ê¥¿¡¦¥Ó¥ë¥É¥Ñ¥¤¥×¥é¥¤¥ó¤Ç¤ÎÁÐÊý¸þ¥Æ¥¥¹¥ÈÀ©¸æʸ»ú¤ª¤è¤Ó¥Û¥â¥°¥ê¥Õʸ»ú¤Ë¤Ä¤¤¤Æ¥¨¥é¡¼¤ä·Ù¹ð¤Îɽ¼¨¡¢¥³¡¼¥É¥¨¥Ç¥£¥¿¤È¥ê¥Ý¥¸¥È¥ê¥Õ¥í¥ó¥È¥¨¥ó¥É¤Ç¤ÎÁÐÊý¸þ¥Æ¥¥¹¥ÈÀ©¸æʸ»ú¤ª¤è¤Ó¥Û¥â¥°¥ê¥Õʸ»ú¤Ë¤Ä¤¤¤Æ¤Î»ë³ÐŪ¤Êµ¹æ¤ä·Ù¹ð¤Îɽ¼¨¤ò¸Æ¤Ó¤«¤±¤Æ¤¤¤ë¡£
