CVE-2021-28153

An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)
Configurations

Configuration 1 (hide)

cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

History

07 Nov 2023, 03:32

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUTQPHZNZWX2DZR46QFLQZRHVMHIILJ/', 'name': 'FEDORA-2021-5c81cb03d0', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6RXTD5HCP2K4AAUSWWZTBKQNHRCTAEOF/', 'name': 'FEDORA-2021-a1f51fc418', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RXTD5HCP2K4AAUSWWZTBKQNHRCTAEOF/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ICUTQPHZNZWX2DZR46QFLQZRHVMHIILJ/ -

03 Feb 2023, 15:02

Type Values Removed Values Added
First Time Debian
Broadcom brocade Fabric Operating System Firmware
Debian debian Linux
Broadcom
References (MLIST) https://lists.debian.org/debian-lts-announce/2022/06/msg00006.html - (MLIST) https://lists.debian.org/debian-lts-announce/2022/06/msg00006.html - Mailing List, Third Party Advisory
CPE cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

06 Jun 2022, 17:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2022/06/msg00006.html -

20 May 2022, 20:48

Type Values Removed Values Added
References
  • (GENTOO) https://security.gentoo.org/glsa/202107-13 - Third Party Advisory

22 Apr 2021, 19:29

Type Values Removed Values Added
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUTQPHZNZWX2DZR46QFLQZRHVMHIILJ/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUTQPHZNZWX2DZR46QFLQZRHVMHIILJ/ - Mailing List, Third Party Advisory
References (CONFIRM) https://security.netapp.com/advisory/ntap-20210416-0003/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20210416-0003/ - Third Party Advisory

19 Apr 2021, 20:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUTQPHZNZWX2DZR46QFLQZRHVMHIILJ/ -

16 Apr 2021, 11:15

Type Values Removed Values Added
References
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20210416-0003/ -

25 Mar 2021, 16:44

Type Values Removed Values Added
CVSS v2 : 5.8
v3 : 7.1
v2 : 5.0
v3 : 5.3

22 Mar 2021, 17:34

Type Values Removed Values Added
CVSS v2 : 3.6
v3 : 7.1
v2 : 5.8
v3 : 7.1

22 Mar 2021, 13:41

Type Values Removed Values Added
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6RXTD5HCP2K4AAUSWWZTBKQNHRCTAEOF/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6RXTD5HCP2K4AAUSWWZTBKQNHRCTAEOF/ - Mailing List, Third Party Advisory
References (MISC) https://gitlab.gnome.org/GNOME/glib/-/issues/2325 - (MISC) https://gitlab.gnome.org/GNOME/glib/-/issues/2325 - Exploit, Issue Tracking, Patch, Vendor Advisory
CPE cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 3.6
v3 : 7.1
CWE CWE-59

22 Mar 2021, 03:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6RXTD5HCP2K4AAUSWWZTBKQNHRCTAEOF/ -

11 Mar 2021, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-03-11 22:15

Updated : 2023-12-10 13:41


NVD link : CVE-2021-28153

Mitre link : CVE-2021-28153

CVE.ORG link : CVE-2021-28153


JSON object : View

Products Affected

gnome

  • glib

debian

  • debian_linux

broadcom

  • brocade_fabric_operating_system_firmware

fedoraproject

  • fedora
CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')