Trojan Source: Invisible Vulnerabilities

Today we are releasing Trojan Source: Invisible Vulnerabilities, a paper describing cool new tricks for crafting targeted vulnerabilities that are invisible to human code reviewers.

Until now, an adversary wanting to smuggle a vulnerability into software could try inserting an unobtrusive bug in an obscure piece of code. Critical open-source projects such as operating systems depend on human review of all new code to detect malicious contributions by volunteers. So how might wicked code evade human eyes?

We have discovered ways of manipulating the encoding of source code files so that human viewers and compilers see different logic. One particularly pernicious method uses Unicode directionality override characters to display code as an anagram of its true logic. We’ve verified that this attack works against C, C++, C#, JavaScript, Java, Rust, Go, and Python, and suspect that it will work against most other modern languages.

This potentially devastating attack is tracked as CVE-2021-42574, while a related attack that uses homoglyphs – visually similar characters – is tracked as CVE-2021-42694. This work has been under embargo for a 99-day period, giving time for a major coordinated disclosure effort in which many compilers, interpreters, code editors, and repositories have implemented defenses.

This attack was inspired by our recent work on Imperceptible Perturbations, where we use directionality overrides, homoglyphs, and other Unicode features to break the text-based machine learning systems used for toxic content filtering, machine translation, and many other NLP tasks.

More information about the Trojan Source attack can be found at, and proofs of concept can also be found on GitHub. The full paper can be found here.

8 thoughts on “Trojan Source: Invisible Vulnerabilities

  1. Is this really novel? I recall reading about the homoglyph attack many years ago, in the context of malicious URLs. I thought it was by your very own Markus Kuhn, but I can’t find the reference now…

  2. Malicious URLs is one thing. Sources are different thing, no? And using unicode RTL to fake visible vs actual interpretation is something new to me.

    (= ʎɐp ʎddɐɥ puɐ ollǝɥ

  3. Hi

    The paper is fifteen pages. Good solid text, No pics.

    Old rule of thumb: One typed page of text equals one kilobytes.

    The paper is 3.3 megabytes! has something been added?

    I just love security!

Leave a Reply

Your email address will not be published. Required fields are marked *